Rule Library
Sigma Rules
2 rules found for "EagleEye Team"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat · high · test
Suspicious PrinterPorts Creation (CVE-2020-1048)
Detects new commands that add a new printer port which points to a suspicious file.
Windows · Process Creation
TA0003 · Persistence, TA0002 · Execution, T1059.001 · PowerShell, cve.2020-1048, +1
EagleEye Team +1 · Wed May 13 2020
Emerging Threat · high · test
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
Detects changes to the "Ports" registry key with data that includes a Windows path or a file with a suspicious extension. This could be an attempt to exploit CVE-2020-1048 - a Windows Print Spooler elevation of privilege vulnerability.
Windows · Registry Set
TA0003 · Persistence, TA0002 · Execution, TA0005 · Defense Evasion, T1112 · Modify Registry, +2
EagleEye Team +2 · Wed May 13 2020