Ruby Inline Command Execution (20a5ffa1-3848-4584-b6f8-c7c7fd9f69c8)
Detects execution of ruby using the "-e" flag. This could be used as a way to launch a reverse shell or execute live Ruby code.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Ruby Inline Command Execution (20a5ffa1-3848-4584-b6f8-c7c7fd9f69c8) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |