title: CVE-2020-0688 Exploitation Attempt
id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a
status: test
description: Detects CVE-2020-0688 Exploitation attempts
author: NVISO
references:
  - https://github.com/Ridter/cve-2020-0688
date: 2020/02/27
modified: 2021/11/27
logsource:
  category: webserver
detection:
  selection:
    c-uri|contains|all:
      - '/ecp/default.aspx'
      - '__VIEWSTATEGENERATOR='
      - '__VIEWSTATE='
  condition: selection
falsepositives:
  - Unknown
level: high
tags:
  - attack.initial_access
  - attack.t1190