Skip to content

Hide Navigation Hide TOC

Read Contents From Stdin Via Cmd.EXE (241e802a-b65e-484f-88cd-c2dc10f9206d)

Detect the use of "<" to read and potentially execute a file via cmd.exe

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Read Contents From Stdin Via Cmd.EXE (241e802a-b65e-484f-88cd-c2dc10f9206d) Sigma-Rules 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2