Emerging Threats
CVE2023
CVE-2023-36874
3Rules
2References
1Folders
2025-01-13Latest
Summary
CVE-2023-36874 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / file_event, windows / process_creation.
Related Detections
Search this threatEmerging Threathightest
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
Detects the creation of a file named "wermgr.exe" being created in an uncommon directory. This could be a sign of potential exploitation of CVE-2023-36874.
WindowsFile Event
TA0002 · Executioncve.2023-36874detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems)Wed Aug 232023
Emerging Threathightest
Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution
Detects the execution of a renamed "cmd", "powershell" or "powershell_ise" binary. Attackers were seen using these binaries in a renamed form as "wermgr.exe" in exploitation of CVE-2023-36874
WindowsProcess Creation
TA0002 · Executioncve.2023-36874detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems)Wed Aug 232023
Emerging Threatmediumtest
Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location
Detects the creation of a "Report.wer" file in an uncommon folder structure. This could be a sign of potential exploitation of CVE-2023-36874.
WindowsFile Event
TA0002 · Executioncve.2023-36874detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems)Wed Aug 232023
References