Nasreddine Bencherchali
42 lines
1.6 KiB
YAML
42 lines
1.6 KiB
YAML
title: Vulnerable Dell BIOS Update Driver Load
|
|
id: 21b23707-60d6-41bb-96e3-0f0481b0fed9
|
|
description: Detects the load of the vulnerable Dell BIOS update driver as reported in CVE-2021-21551
|
|
status: experimental
|
|
author: Florian Roth
|
|
date: 2021/05/05
|
|
modified: 2022/07/27
|
|
references:
|
|
- https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
|
|
logsource:
|
|
category: driver_load
|
|
product: windows
|
|
tags:
|
|
- attack.privilege_escalation
|
|
- cve.2021.21551
|
|
- attack.t1543
|
|
detection:
|
|
selection_image:
|
|
ImageLoaded|contains: '\DBUtil_2_3.Sys'
|
|
selection_sysmon:
|
|
Hashes|contains:
|
|
- 'SHA256=0296E2CE999E67C76352613A718E11516FE1B0EFC3FFDB8918FC999DD76A73A5'
|
|
- 'SHA256=DDBF5ECCA5C8086AFDE1FB4F551E9E6400E94F4428FE7FB5559DA5CFFA654CC1'
|
|
- 'SHA1=C948AE14761095E4D76B55D9DE86412258BE7AFD'
|
|
- 'SHA1=10B30BDEE43B3A2EC4AA63375577ADE650269D25'
|
|
- 'MD5=C996D7971C49252C582171D9380360F2'
|
|
- 'MD5=D2FD132AB7BBC6BBB87A84F026FA0244'
|
|
selection_hash:
|
|
SHA256:
|
|
- '0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5'
|
|
- 'ddbf5ecca5c8086afde1fb4f551e9e6400e94f4428fe7fb5559da5cffa654cc1'
|
|
SHA1:
|
|
- 'c948ae14761095e4d76b55d9de86412258be7afd'
|
|
- '10b30bdee43b3a2ec4aa63375577ade650269d25'
|
|
MD5:
|
|
- 'c996d7971c49252c582171d9380360f2'
|
|
- 'd2fd132ab7bbc6bbb87a84f026fa0244'
|
|
condition: 1 of selection*
|
|
falsepositives:
|
|
- Legitimate BIOS driver updates (should be rare)
|
|
level: high
|