Potential Arbitrary Command Execution Using Msdt.EXE (258fc8ce-8352-443a-9120-8a11e4857fa5)
Detects processes leveraging the "ms-msdt" handler or the "msdt.exe" binary to execute arbitrary commands, as seen in the Follina (CVE-2022-30190) vulnerability.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Potential Arbitrary Command Execution Using Msdt.EXE (258fc8ce-8352-443a-9120-8a11e4857fa5) | Sigma-Rules | 1 |