Emerging Threat | low | test
Outlook Task/Note Reminder Received
Detects changes to Outlook-related registry values that indicate a reminder was triggered for a Note or Task item. This could be a sign of exploitation of CVE-2023-23397. Further investigation is required to determine whether exploitation succeeded.
Nasreddine Bencherchali (Nextron Systems) | Created Wed Apr 05 | Updated Thu Aug 17 | fc06e655-d98c-412f-ac76-05c2698b1cb2 | 2023
Emerging Threat
Active Threat
Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.
Log Source
Windows, Registry Set
Product: Windows (raw: windows)
Category: Registry Set (raw: registry_set)
Detection Logic (1 selector)
detection:
    selection:
        TargetObject|contains|all:
            - '\SOFTWARE\Microsoft\Office\'
            - '\Outlook\'
        TargetObject|contains:
            - '\Tasks\'
            - '\Notes\'
    condition: selection
False Positives
Legitimate reminders received for a task or a note will also trigger this rule.
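The selection above, evaluated in Python over a few registry_set events, as an added example that is not part of the rule or its project. The event values (SID, Office version, value names) and the helper names are constructed for illustration; matching is case-insensitive, which is Sigma's default for string values.

```python
# Added illustration: applies the rule's `selection` to constructed events.
ALL_OF = ["\\SOFTWARE\\Microsoft\\Office\\", "\\Outlook\\"]  # TargetObject|contains|all
ANY_OF = ["\\Tasks\\", "\\Notes\\"]                          # TargetObject|contains


def contains(value: str, needle: str) -> bool:
    # Sigma compares string values case-insensitively by default.
    return needle.lower() in value.lower()


def selection(event: dict) -> bool:
    """True only when both TargetObject conditions of `selection` hold."""
    target = event.get("TargetObject") or ""
    return (all(contains(target, n) for n in ALL_OF)
            and any(contains(target, n) for n in ANY_OF))


def reminder_kind(event: dict):
    """Triage hint: 'Tasks' or 'Notes' for a matching event, otherwise None."""
    if not selection(event):
        return None
    target = event["TargetObject"]
    return next(n.strip("\\") for n in ANY_OF if contains(target, n))


def triage(events):
    return [reminder_kind(e) for e in events]


# Constructed events; field name follows the rule, values are made up.
BASE = "HKU\\S-1-5-21-0-0-0-1001\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\"
SAMPLE_EVENTS = [
    {"TargetObject": BASE + "Tasks\\ExampleValue"},             # match: Tasks
    {"TargetObject": BASE.lower() + "notes\\examplevalue"},     # match: case differs
    {"TargetObject": BASE + "Calendar\\ExampleValue"},          # Outlook, not Tasks/Notes
    {"TargetObject": "HKLM\\SOFTWARE\\Vendor\\Scheduler\\Tasks\\ExampleValue"},  # Tasks, not Outlook
    {"Details": "DWORD (0x00000001)"},                          # no TargetObject at all
]

if __name__ == "__main__":
    for event, kind in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(kind, event.get("TargetObject"))
```

A match only says that a Task or Note reminder fired; as the false-positive note states, legitimate reminders produce the same registry write.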
References
MITRE ATT&CK
Tactics
Techniques
Other
cve.2023-23397, detection.emerging-threats
Rule Metadata
Rule ID
fc06e655-d98c-412f-ac76-05c2698b1cb2
Status
test
Level
low
Type
Emerging Threat
Created
Wed Apr 05
Modified
Thu Aug 17
Path
rules-emerging-threats/2023/Exploits/CVE-2023-23397/registry_set_exploit_cve_2023_23397_outlook_reminder_trigger.yml
Raw Tags
attack.persistence, attack.t1137, cve.2023-23397, detection.emerging-threats