Potential PrintNightmare Exploitation Attempt (5b2bbc47-dead-4ef7-8908-0cf73fcbecbf)
Detect DLL deletions from Spooler Service driver folder. This might be a potential exploitation attempt of CVE-2021-1675
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Potential PrintNightmare Exploitation Attempt (5b2bbc47-dead-4ef7-8908-0cf73fcbecbf) | Sigma-Rules | 1 |