CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)

Rule Info

Name: CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
Author: Andreas Braathen (mnemonic.io)
Description: Detects exploitation attempt of CVE-2023-22518 (Confluence Data Center / Confluence Server), where an attacker can exploit vulnerable endpoints to e.g. create admin accounts and execute arbitrary commands.
Date: 2023-11-14 00:00:00
Modified: None
Id: 1ddaa9a4-eb0b-4398-a9fe-7b018f9e23db
Tags: detection.emerging_threats attack.execution attack.t1059 attack.initial_access attack.t1190 cve.2023.22518 DEMO
Type: Community Rule

Rule History

Author | Title | Date | Commit
Andreas Braathen | Merge PR #4567 from @netgrain - Adding analytics for CVE-2023-22518 | 2023-11-15 |