Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw - SOC Prime
Tags
cmtmf-attack-pattern: Exploit Public-Facing Application
attack-pattern: Exploitation Of Remote Services - T1428 Exploit Public-Facing Application - T1377 Software - T1592.002 Windows Service - T1543.003 Vulnerabilities - T1588.006 Exploit Public-Facing Application - T1190 Exploitation Of Remote Services - T1210 Exploit Public-Facing Application Exploitation Of Remote Services
Show in Graph
Common Information
Type Value
UUID 77a83ed6-51bc-4be5-bd5f-004363dbda8c
Fingerprint 943609719b0687a7
Analysis status DONE
Considered CTI value 2
Text language
Published April 12, 2023, 12:45 p.m.
Added to db April 12, 2023, 2:47 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw
Title Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw - SOC Prime
Detected Hints/Tags/Attributes 28/2/8
Source URLs
Redirection Url
Details Source https://socprime.com/blog/detect-cve-2023-28252-cve-2023-21554-exploitation-attempts-windows-zero-day-actively-used-in-ransomware-attacks-and-a-critical-rce-flaw/
URL Provider
Details Provider Source level domain
Details socprime.com socprime.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 73 
cve-2023-28252
Details CVE 46 
cve-2023-21554
Details CVE 15 
cve-2023-2825
Details Domain 32 
my.socprime.com
Details File 9 
mqsvc.exe
Details MITRE ATT&CK Techniques 542 
T1190
Details MITRE ATT&CK Techniques 109 
T1210
Details Url 15 
https://my.socprime.com/pricing/.