Skip to content

Hide Navigation Hide TOC

Vim GTFOBin Abuse - Linux (7ab8f73a-fcff-428b-84aa-6a5ff7877dea)

Detects the use of "vim" and it's siblings commands to execute a shell or proxy commands. Such behavior may be associated with privilege escalation, unauthorized command execution, or to break out from restricted environments.

Cluster A Galaxy A Cluster B Galaxy B Level
Vim GTFOBin Abuse - Linux (7ab8f73a-fcff-428b-84aa-6a5ff7877dea) Sigma-Rules Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 1
Vim GTFOBin Abuse - Linux (7ab8f73a-fcff-428b-84aa-6a5ff7877dea) Sigma-Rules File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1