valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: changed level and reference in CVE-2021-40444 rule

Browse Source
This commit is contained in:
Florian Roth 2021-09-09 08:46:34 +02:00
parent 36a5d7ec04
commit 2777187fd9
No known key found for this signature in database
GPG Key ID: 5C328E4878049D7A
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/process_creation/win_susp_control_cve_2021_40444.yml
View File

@ -3,6 +3,7 @@ id: 894397c6-da03-425c-a589-3d09e7d1f750
description: Detects a suspicious process pattern found in CVE-2021-40444 exploitation
status: experimental
references:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
- https://twitter.com/neonprimetime/status/1435584010202255375
- https://www.joesandbox.com/analysis/476188/1/iochtml
author: '@neonprimetime, Florian Roth'
@ -23,4 +24,5 @@ detection:
condition: selection and not filter
falsepositives:
- Unknown
level: high
level: critical