CVE-2024-49113 Exploitation Attempt - LDAP Nightmare

Rule Info

Name
CVE-2024-49113 Exploitation Attempt - LDAP Nightmare
Author
Samuel Monsempes
Description
Detects exploitation attempt of CVE-2024-49113 known as LDAP Nightmare, based on "Application Error" log where the faulting application is "lsass.exe" and the faulting module is "WLDAP32.dll".
Reference
https://gist.github.com/travisbgreen/82b68bac499edbe0b17dcbfa0c5c71b7
Date
2025-01-08 00:00:00
Modified
None
Id
3f2c93c7-7b2a-4d58-bb8d-6f39422d8148
Tags
attack.impact attack.t1499 cve.2024-49113 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=3f2c93c7-7b2a-4d58-bb8d-6f39422d8148

Rule History

Author
Title
Date
Commit
samuelmonsempessenthorus
Merge PR #5155 from @samuelmonsempessenthorus - Add `CVE-2024-49113 Exploitation Attempt - LDAP Nightmare`
2025-01-08
fad474299
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022