Potential CVE-2024-35250 Exploitation Activity

Rule Info

Name
Potential CVE-2024-35250 Exploitation Activity
Author
@eyezuhk Isaac Fernandes
Description
Detects potentially suspicious loading of "ksproxy.ax", which may indicate an attempt to exploit CVE-2024-35250.
Reference
https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html
Date
2025-02-19 00:00:00
Modified
None
Id
17ce9373-2163-4a2c-90ba-f91e9ef7a8c1
Tags
attack.privilege-escalation attack.t1068 cve.2024-35250 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=17ce9373-2163-4a2c-90ba-f91e9ef7a8c1

Rule History

Author
Title
Date
Commit
Isaac Fernandes
Merge PR #5136 from @Eyezuhk - Add `Potential CVE-2024-35250 Exploitation Activity`
2025-02-24
3fb1894a7
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022