Rule Library
Sigma Rules
3 rules found for "NVISO"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat, high, test
CVE-2020-0688 Exploitation Attempt
Detects CVE-2020-0688 Exploitation attempts
Web Server Log
TA0001 · Initial Access, T1190 · Exploit Public-Facing Application, cve.2020-0688, detection.emerging-threats
NVISO, Thu Feb 27 2020
Emerging Threat, high, test
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
Detects changes to the "Ports" registry key with data that includes a Windows path or a file with a suspicious extension. This could be an attempt to exploit CVE-2020-1048 - a Windows Print Spooler elevation of privilege vulnerability.
Windows, Registry Set
TA0003 · Persistence, TA0002 · Execution, TA0005 · Defense Evasion, T1112 · Modify Registry, +2
EagleEye Team +2, Wed May 13 2020
Emerging Threat, critical, test
FlowCloud Registry Markers
Detects FlowCloud malware registry markers from threat group TA410. The malware stores its configuration in the registry alongside drivers utilized by the malware's keylogger components.
Windows, Registry Event
TA0005 · Defense Evasion, TA0003 · Persistence, T1112 · Modify Registry, detection.emerging-threats
NVISO, Tue Jun 09 2020