Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "Gregory"

3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threathightest

Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader

Detects suspicious ".hta" file creation in the startup folder by Foxit Reader. This can be an indication of CVE-2023-27363 exploitation.

WindowsFile Event
TA0003 · PersistenceT1505.001 · SQL Stored Procedurescve.2023-27363detection.emerging-threats
GregoryWed Oct 112023