CVE-2023-40477
2 Rules
3 References
1 Folders
Latest: 2023-08-31
Summary
CVE-2023-40477 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on the windows / application and windows / file_event log sources.
Related Detections
Emerging Threat · low · test
CVE-2023-40477 Potential Exploitation - .REV File Creation
Detects the creation of ".rev" files by WinRAR. This could indicate potential exploitation of CVE-2023-40477. Look for a suspicious execution shortly after creation or a WinRAR application crash.
Windows · File Event
TA0002 · Execution · cve.2023-40477 · detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Thu Aug 31 2023
Emerging Threat · medium · test
CVE-2023-40477 Potential Exploitation - WinRAR Application Crash
Detects a crash of "WinRAR.exe" where the version is lower than 6.23. This could indicate potential exploitation of CVE-2023-40477.
Windows · application
TA0002 · Execution · cve.2023-40477 · detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Thu Aug 31 2023
References