Potential CVE-2024-35250 Exploitation Activity
Last updated on:
In this page
About the rule
Rule Type
Standard
Rule Description
Detects potentially suspicious loading of "ksproxy.ax", which may indicate an attempt to exploit CVE-2024-35250.
Severity
Attention
Rule Requirement
Criteria
Action1:
actionname = "Image Loaded" AND (OBJECTNAME endswith "\ksproxy.ax" AND PROCESSNAME notcontains "teams.exe,zoom.exe,firefox.exe,chrome.exe,opera.exe,Discord.exe")
select Action1.HOSTNAME,Action1.MESSAGE,Action1.PROCESSNAME,Action1.PRODUCT_NAME,Action1.OBJECTNAME,Action1.SIGNATURE,Action1.SIGNATURESTATUS
Detection
Execution Mode
realtime
Log Sources
Windows
Author
@eyezuhk Isaac Fernandes


