Emerging Threat | high | test

MSMQ Corrupted Packet Encountered

Detects corrupted packets sent to the MSMQ service. This could potentially be a sign of CVE-2023-21554 exploitation.

Author: Nasreddine Bencherchali (Nextron Systems)
Created: Fri Apr 21 2023
Rule ID: ae94b10d-fee9-4767-82bb-439b309d5a27
Emerging Threat
Active Threat

Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.

Log Source
Windows / application
Product: Windows (raw: windows)
Service: application (raw: application)
Detection Logic (1 selector)
detection:
    selection:
        Provider_Name: 'MSMQ'
        EventID: 2027
        Level: 2
    condition: selection
False Positives
Unknown

False positive likelihood has not been assessed. Additional context may be needed during triage.

MITRE ATT&CK

Other

detection.emerging-threats
Rule Metadata
Rule ID
ae94b10d-fee9-4767-82bb-439b309d5a27
Status
test
Level
high
Type
Emerging Threat
Created
Fri Apr 21
Path
rules-emerging-threats/2023/Exploits/CVE-2023-21554/win_cve_2023_21554_msmq_corrupted_packet.yml
Raw Tags
attack.execution, detection.emerging-threats