Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "CVE-2017-0261"

3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threatmediumtest

Exploit for CVE-2017-0261

Detects Winword starting uncommon sub process FLTLDR.exe as used in exploits for CVE-2017-0261 and CVE-2017-0262

WindowsProcess Creation
Florian Roth (Nextron Systems)Thu Feb 222017