CVE-2023-36884
CVE-2023-36884 is tracked here through 6 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on the proxy, windows / file_event, and windows / security log sources.
Potential CVE-2023-36884 Exploitation - Share Access
Detects access to a file share whose naming scheme was seen during exploitation of CVE-2023-36884
Potential CVE-2023-36884 Exploitation Dropped File
Detects a specific file being created in the Office Recent folder. These files have been seen being dropped during potential exploitation of CVE-2023-36884
Potential CVE-2023-36884 Exploitation - File Downloads
Detects files seen being requested by RomCom while potentially exploiting CVE-2023-36884
Potential CVE-2023-36884 Exploitation - URL Marker
Detects a unique URL marker seen being used by RomCom potentially exploiting CVE-2023-36884
Potential CVE-2023-36884 Exploitation Pattern
Detects a unique pattern seen being used by RomCom potentially exploiting CVE-2023-36884
Potential CVE-2023-36884 URL Request Pattern Traffic
Detects a specific URL pattern containing a specific extension and parameters pointing to an IP address. This pattern was seen being used by RomCom potentially exploiting CVE-2023-36884