YARA rules for CVE-2023-42793

YARA rules whose family, name, or description matches this CVE or its tooling. Use these for binary-pattern hunts.

LOG_EXPL_SUSP_TeamCity_CVE_2023_42793_Oct23_1
Detects log entries that could indicate a successful exploitation of CVE-2023-42793 on TeamCity servers
Author: Florian Roth. License: see source repo.
rule LOG_EXPL_SUSP_TeamCity_CVE_2023_42793_Oct23_1 {
   meta:
      description = "Detects log entries that could indicate a successful exploitation of CVE-2023-42793 on TeamCity servers"
      author = "Florian Roth"
      reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis"
      date = "2023-10-02"
      score = 70
      id = "81c04863-72aa-5515-889e-3ef718360cac"
   strings:
      $sa1 = "File edited: "
      $sa2 = "\\TeamCity\\config\\internal.properties by user with id="
      
      $sb1 = "s.buildServer.ACTIVITIES.AUDIT - server_file_change: File "
      $sb2 = "\\TeamCity\\config\\internal.properties was modified by \"user with id"
   condition:
      all of ($sa*) or all of ($sb*)
}
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin