sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Samirbous	2b8fb44cb5	[New] SolarWinds Web Help Desk Java Module Load or Child Process (#5665 ) * [New] Suspicious SolarWinds Web Help Desk Java Module Load or Child Process Identifies the SolarWinds Web Help Desk Java process loading an untrusted or remote native module (DLL). This behavior is uncommon for the Web Help Desk server and may indicate successful exploitation of deserialization vulnerabilities (CVE-2025-40536, CVE-2025-40551), which allow attackers to load malicious SQLite extensions and achieve remote code execution. https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/ https://github.com/rapid7/metasploit-framework/pull/20917 * Update rules/windows/initial_access_potential_webhelpdesk_exploit.toml Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> * Update rules/windows/initial_access_potential_webhelpdesk_exploit.toml Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> * Update rules/windows/initial_access_potential_webhelpdesk_exploit.toml Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> --------- Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>	2026-02-04 16:09:55 +00:00

Author

SHA1

Message

Date

Samirbous

2b8fb44cb5

[New] SolarWinds Web Help Desk Java Module Load or Child Process (#5665 )

* [New] Suspicious SolarWinds Web Help Desk Java Module Load or Child Process

Identifies the SolarWinds Web Help Desk Java process loading an untrusted or remote native module (DLL).
This behavior is uncommon for the Web Help Desk server and may indicate successful exploitation of
deserialization vulnerabilities (CVE-2025-40536, CVE-2025-40551), which allow attackers to load malicious
SQLite extensions and achieve remote code execution.

https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

https://github.com/rapid7/metasploit-framework/pull/20917

* Update rules/windows/initial_access_potential_webhelpdesk_exploit.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/windows/initial_access_potential_webhelpdesk_exploit.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/windows/initial_access_potential_webhelpdesk_exploit.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

2026-02-04 16:09:55 +00:00

1 Commits