CVE-2023-38831
2 Rules
2 References
1 Folder
Latest: 2024-01-22
Summary
CVE-2023-38831 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on the windows / file_event and windows / process_creation log sources.
Related Detections
Emerging Threat · high · test
CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
Detects exploitation attempt of CVE-2023-38331 (WinRAR before v6.23), where an attacker can leverage WinRAR to execute arbitrary commands and binaries.
Windows · Process Creation
detection.emerging-threats, TA0002 · Execution, T1203 · Exploitation for Client Execution, cve.2023-38331
Nasreddine Bencherchali (Nextron Systems) +1 · Wed Aug 30 2023
Emerging Threat · high · test
CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File
Detects the creation of a file with a double extension and a space by WinRAR. This could be a sign of exploitation of CVE-2023-38331.
Windows · File Event
TA0002 · Execution, cve.2023-38331, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Wed Aug 30 2023
References