Rule Library
Sigma Rules
3 rules found for "CVE-2023-36874"
3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threatmediumtest
Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location
Detects the creation of a "Report.wer" file in an uncommon folder structure. This could be a sign of potential exploitation of CVE-2023-36874.
WindowsFile Event
Nasreddine Bencherchali (Nextron Systems)Wed Aug 232023
Emerging Threathightest
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
Detects the creation of a file named "wermgr.exe" being created in an uncommon directory. This could be a sign of potential exploitation of CVE-2023-36874.
WindowsFile Event
Nasreddine Bencherchali (Nextron Systems)Wed Aug 232023
Emerging Threathightest
Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution
Detects the execution of a renamed "cmd", "powershell" or "powershell_ise" binary. Attackers were seen using these binaries in a renamed form as "wermgr.exe" in exploitation of CVE-2023-36874
WindowsProcess Creation
Nasreddine Bencherchali (Nextron Systems)Wed Aug 232023