Rule Library

Sigma Rules

6 rules found for "CVE-2023-36884"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Potential CVE-2023-36884 Exploitation Dropped File

Detects a specific file being created in the recent folder of Office. These files have been seen being dropped during potential exploitations of CVE-2023-36884

WindowsFile Event

Nasreddine Bencherchali (Nextron Systems)+1Thu Jul 132023

Emerging Threatcriticaltest

Potential CVE-2023-36884 Exploitation Pattern

Detects a unique pattern seen being used by RomCom potentially exploiting CVE-2023-36884

Proxy Log

X__JuniorWed Jul 122023

Emerging Threathightest

Potential CVE-2303-36884 URL Request Pattern Traffic

Detects a specific URL pattern containing a specific extension and parameters pointing to an IP address. This pattern was seen being used by RomCOM potentially exploiting CVE-2023-36884

Proxy Log

X__JuniorWed Jul 122023

Emerging Threatmediumtest

Potential CVE-2023-36884 Exploitation - File Downloads

Detects files seen being requested by RomCom while potentially exploiting CVE-2023-36884

Proxy Log

X__JuniorWed Jul 122023

Emerging Threathightest

Potential CVE-2023-36884 Exploitation - URL Marker

Detects a unique URL marker seen being used by RomCom potentially exploiting CVE-2023-36884

Proxy Log

X__JuniorWed Jul 122023

Emerging Threathightest

Potential CVE-2023-36884 Exploitation - Share Access

Detects access to a file share with a naming schema seen being used during exploitation of CVE-2023-36884

Windowssecurity

Nasreddine Bencherchali (Nextron Systems)Thu Jul 132023