Suspicious MSDT Parent Process (7a74da6b-ea76-47db-92cc-874ad90df734)

Detects msdt.exe executed by a suspicious parent as seen in CVE-2022-30190 / Follina exploitation

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Suspicious MSDT Parent Process (7a74da6b-ea76-47db-92cc-874ad90df734)	Sigma-Rules	1
Suspicious MSDT Parent Process (7a74da6b-ea76-47db-92cc-874ad90df734)	Sigma-Rules	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	1