WMIC Unquoted Services Path Lookup - PowerShell (09658312-bc27-4a3b-91c5-e49ab9046d1b)
Detects known WMI recon method to look for unquoted service paths, often used by pentest inside of powershell scripts attackers enum scripts
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| WMIC Unquoted Services Path Lookup - PowerShell (09658312-bc27-4a3b-91c5-e49ab9046d1b) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |