Update cve tags

2021-08-24 10:27:27 +02:00
parent c2302a15da
commit ace46c17be
7 changed files with 19 additions and 21 deletions
@@ -8,11 +8,11 @@ references:
    - https://github.com/hhlxf/PrintNightmare
    - https://github.com/afwu/PrintNightmare
    - https://twitter.com/fuzzyf10w/status/1410202370835898371
+    - https://nvd.nist.gov/vuln/detail/cve-2021-1675
 date: 2021/06/30
 modified: 2021/07/08
 tags:
    - attack.execution
-    - cve.2021-1675
 logsource:
    product: windows
    service: printservice-admin
@@ -6,11 +6,11 @@ status: experimental
 level: critical
 references:
    - https://twitter.com/INIT_3/status/1410662463641731075
+    - https://nvd.nist.gov/vuln/detail/cve-2021-1675
+    - https://nvd.nist.gov/vuln/detail/cve-2021-34527
 date: 2021/07/02
 tags:
    - attack.execution
-    - cve.2021-1675
-    - cve.2021-34527
 logsource:
    product: windows
    service: security
@@ -6,10 +6,10 @@ status: experimental
 level: critical
 references:
    - https://twitter.com/MalwareJake/status/1410421967463731200
+    - https://nvd.nist.gov/vuln/detail/cve-2021-1675
 date: 2021/07/01
 tags:
    - attack.execution
-    - cve.2021-1675
 logsource:
    product: windows
    service: printservice-operational
@@ -5,11 +5,12 @@ author: Florian Roth
 date: 2021/05/05
 references:
    - https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
+    - https://nvd.nist.gov/vuln/detail/cve-2021-21551
 logsource:
    category: driver_load
    product: windows
 tags:
-    - cve.2021-21551
+    - attack.privilege_escalation
 detection:
    selection_image:
        ImageLoaded|contains: '\DBUtil_2_3.Sys'
@@ -5,24 +5,23 @@ description: Detect DLL deletions from Spooler Service driver folder
 references:
    - https://github.com/hhlxf/PrintNightmare
    - https://github.com/cube0x0/CVE-2021-1675
+    - https://nvd.nist.gov/vuln/detail/cve-2021-1675
 author: Bhabesh Raj
 date: 2021/07/01
+modified: 2021/08/24
 tags:
    - attack.persistence
    - attack.defense_evasion
    - attack.privilege_escalation
    - attack.t1574
-    - cve.2021-1675
 logsource:
    category: file_delete
    product: windows
 detection:
    selection:
-        Image|endswith:
-            - 'spoolsv.exe'
-        TargetFilename|contains:
-            - 'C:\Windows\System32\spool\drivers\x64\3\'
+        Image|endswith: 'spoolsv.exe'
+        TargetFilename|contains: 'C:\Windows\System32\spool\drivers\x64\3\'
    condition: selection
 falsepositives:
    - Unknown
-level: high
+level: high
@@ -4,27 +4,24 @@ status: experimental
 description: Detect DLL Load from Spooler Service backup folder
 references:
    - https://github.com/hhlxf/PrintNightmare
+    - https://nvd.nist.gov/vuln/detail/cve-2021-1675
+    - https://nvd.nist.gov/vuln/detail/cve-2021-34527
 author: FPT.EagleEye, Thomas Patzke (improvements)
 date: 2021/06/29
-modified: 2021/07/08
+modified: 2021/08/24
 tags:
    - attack.persistence
    - attack.defense_evasion
    - attack.privilege_escalation
    - attack.t1574
-    - cve.2021-1675
-    - cve.2021-34527
 logsource:
    category: image_load
    product: windows
 detection:
    selection:
-        Image|endswith:
-            - 'spoolsv.exe'
-        ImageLoaded|contains:
-            - '\Windows\System32\spool\drivers\x64\3\'
-        ImageLoaded|endswith:
-            - '.dll'
+        Image|endswith: 'spoolsv.exe'
+        ImageLoaded|contains: '\Windows\System32\spool\drivers\x64\3\'
+        ImageLoaded|endswith: '.dll'
    condition: selection
 falsepositives:
    - Loading of legitimate driver
@@ -6,11 +6,12 @@ author: Florian Roth
 date: 2021/07/14
 references:
    - https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
+    - https://nvd.nist.gov/vuln/detail/cve-2021-35211
 logsource:
    category: process_creation
    product: windows
 tags:
-    - cve.2021-35211
+    - attack.credential_access
 detection:
    selection:
        ParentImage|endswith: '\Serv-U.exe'