Techniques
Sample rules
JNDIExploit Pattern
- source: sigma
- techniques:
- t1190
Description
Detects exploitation attempt using the JNDI-Exploit-Kit
Detection logic
condition: keywords
keywords:
- /Basic/Command/Base64/
- /Basic/ReverseShell/
- /Basic/TomcatMemshell
- /Basic/JettyMemshell
- /Basic/WeblogicMemshell
- /Basic/JBossMemshell
- /Basic/WebsphereMemshell
- /Basic/SpringMemshell
- /Deserialization/URLDNS/
- /Deserialization/CommonsCollections1/Dnslog/
- /Deserialization/CommonsCollections2/Command/Base64/
- /Deserialization/CommonsBeanutils1/ReverseShell/
- /Deserialization/Jre8u20/TomcatMemshell
- /TomcatBypass/Dnslog/
- /TomcatBypass/Command/
- /TomcatBypass/ReverseShell/
- /TomcatBypass/TomcatMemshell
- /TomcatBypass/SpringMemshell
- /GroovyBypass/Command/
- /WebsphereBypass/Upload/
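
The following is an added example, not part of the Sigma rule or its project: it evaluates the keyword list above against web access log lines. A Sigma keyword list means "any of these", matched by default as case-insensitive substrings. The bounded percent-decoding step, the function names and the log lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Keywords copied verbatim from the rule above.
KEYWORDS = """
/Basic/Command/Base64/ /Basic/ReverseShell/ /Basic/TomcatMemshell
/Basic/JettyMemshell /Basic/WeblogicMemshell /Basic/JBossMemshell
/Basic/WebsphereMemshell /Basic/SpringMemshell /Deserialization/URLDNS/
/Deserialization/CommonsCollections1/Dnslog/
/Deserialization/CommonsCollections2/Command/Base64/
/Deserialization/CommonsBeanutils1/ReverseShell/
/Deserialization/Jre8u20/TomcatMemshell /TomcatBypass/Dnslog/
/TomcatBypass/Command/ /TomcatBypass/ReverseShell/
/TomcatBypass/TomcatMemshell /TomcatBypass/SpringMemshell
/GroovyBypass/Command/ /WebsphereBypass/Upload/
""".split()


def normalize(line, max_rounds=3):
    """Percent-decode a raw log line (bounded rounds), then lowercase it.

    Assumption: the log source stores the request as received, so an
    encoded slash (%2F) would otherwise hide a keyword from the match.
    """
    for _ in range(max_rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line.lower()


def match_keywords(line):
    """Return every rule keyword found in the line (condition: keywords)."""
    text = normalize(line)
    return [k for k in KEYWORDS if k.lower() in text]


def scan(lines):
    """Return (line_number, matched_keywords) for each line that hits."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := match_keywords(line))]


# Constructed sample log lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:00:00:02 +0000] "GET /?q=ldap://198.51.100.7:1389/Basic/Command/Base64/PLACEHOLDER HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:00:00:03 +0000] "GET /?q=ldap:%2F%2F198.51.100.7%2Ftomcatbypass%2Fcommand%2FPLACEHOLDER HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:00:00:04 +0000] "GET /docs/Basic/Commands.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

The fourth sample line shares a path prefix with a keyword but does not contain a full keyword, so it is not flagged.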