CVE2023

CVE-2023-23397

3Rules

3References

1Folders

2025-10-13Latest

Summary

CVE-2023-23397 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / registry_set, windows / security, windows / smbclient-connectivity.

Related Detections

Search this threat

Emerging Threatmediumtest

Potential CVE-2023-23397 Exploitation Attempt - SMB

Detects (failed) outbound connection attempts to internet facing SMB servers. This could be a sign of potential exploitation attempts of CVE-2023-23397.

Windowssmbclient-connectivity

TA0010 · Exfiltrationcve.2023-23397detection.emerging-threats

Nasreddine Bencherchali (Nextron Systems)Wed Apr 052023

Emerging Threatlowtest

Outlook Task/Note Reminder Received

Detects changes to the registry values related to outlook that indicates that a reminder was triggered for a Note or Task item. This could be a sign of exploitation of CVE-2023-23397. Further investigation is required to determine the success of an exploitation.

WindowsRegistry Set

TA0003 · PersistenceT1137 · Office Application Startupcve.2023-23397detection.emerging-threats

Nasreddine Bencherchali (Nextron Systems)Wed Apr 052023

Emerging Threatcriticaltest

CVE-2023-23397 Exploitation Attempt

Detects outlook initiating connection to a WebDAV or SMB share, which could be a sign of CVE-2023-23397 exploitation.

Windowssecurity

TA0006 · Credential AccessTA0001 · Initial Accesscve.2023-23397detection.emerging-threats

Robert LeeThu Mar 162023

References