Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "CVE-2015-1641"

3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threatcriticalstable

Exploit for CVE-2015-1641

Detects Winword starting uncommon sub process MicroScMgmt.exe as used in exploits for CVE-2015-1641

WindowsProcess Creation
Florian Roth (Nextron Systems)Thu Feb 222015