Remote XSL Execution Via Msxsl.EXE (75d0a94e-6252-448d-a7be-d953dff527bb)
Detects the execution of the "msxsl" binary with an "http" keyword in the command line. This might indicate a potential remote execution of XSL files.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Remote XSL Execution Via Msxsl.EXE (75d0a94e-6252-448d-a7be-d953dff527bb) | Sigma-Rules | XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3) | Attack Pattern | 1 |