Skip to content

Hide Navigation Hide TOC

Vulnerable WinRing0 Driver Load (1a42dfa6-6cb2-4df9-9b48-295be477e835)

Detects the load of a signed WinRing0 driver often used by threat actors, crypto miners (XMRIG) or malware for privilege escalation

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Vulnerable WinRing0 Driver Load (1a42dfa6-6cb2-4df9-9b48-295be477e835) Sigma-Rules 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2