Potential CVE-2024-35250 Exploitation Activity

Last updated on:

About the rule

Rule Type

Standard

Rule Description

Detects potentially suspicious loading of "ksproxy.ax", which may indicate an attempt to exploit CVE-2024-35250.

Severity

Attention

Rule Requirement

Criteria

Action1: actionname = "Image Loaded" AND (OBJECTNAME endswith "\ksproxy.ax" AND PROCESSNAME notcontains "teams.exe,zoom.exe,firefox.exe,chrome.exe,opera.exe,Discord.exe") select Action1.HOSTNAME,Action1.MESSAGE,Action1.PROCESSNAME,Action1.PRODUCT_NAME,Action1.OBJECTNAME,Action1.SIGNATURE,Action1.SIGNATURESTATUS

Detection

Execution Mode

realtime

Log Sources

Windows

Author

@eyezuhk Isaac Fernandes