From 19271a91ee1765aaa49fb9dd47d46ece8dfff310 Mon Sep 17 00:00:00 2001
From: Shivammalaviya <66640150+Shivammalaviya@users.noreply.github.com>
Date: Wed, 14 Jul 2021 12:54:34 +0530
Subject: [PATCH] Create SolarWinds -CVE-2021-35211
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
---
Exploits/SolarWinds -CVE-2021-35211 | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 Exploits/SolarWinds -CVE-2021-35211
diff --git a/Exploits/SolarWinds -CVE-2021-35211 b/Exploits/SolarWinds -CVE-2021-35211
new file mode 100644
index 00000000..cf2dd666
--- /dev/null
+++ b/Exploits/SolarWinds -CVE-2021-35211
@@ -0,0 +1,8 @@
+//Check for network connections with SolarWInds IP's based on DeviceNetworkEvents
+let IPs = pack_array("98.176.196.89", "68.235.178.32",
+"208.113.35.58","144.34.179.162","97.77.97.58");
+DeviceNetworkEvents
+| where RemotePort == 443
+| where Protocol == "Tcp" and ActionType == "ConnectionSuccess"
+| where Timestamp > ago(7d)
+| where RemoteIP in(IPs)
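Review bot: The indicator list in the `let IPs = pack_array(...)` line is hard-coded with no record of where it came from or when it was current, so the query will silently go stale as these addresses are reassigned; the header comment should state the source and date, e.g. `// Source: "Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit" (CVE-2021-35211); indicators current as of <DATE-PLACEHOLDER>, refresh before use` (the existing comment also misspells `SolarWInds`). The `RemotePort == 443` and `Protocol == "Tcp"` filters mean a successful connection to one of these IPs over any other port or protocol is not reported, which may be deliberate but should be said in the comment so an analyst knows the scope of a negative result. The `ago(7d)` lookback is likewise an undocumented constant; hoisting it to `let lookback = 7d;` next to the IP list makes the tunables visible in one place. Since this is a `DeviceNetworkEvents` hunting query (a detection, not an exploit), naming the file with a `.kql` extension and keeping it outside `Exploits/` would make its purpose clear and let editors highlight it.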