Suspicious Encoded Scripts in a WMI Consumer (83844185-1c5b-45bc-bcf3-b5bf3084ca5b)

Detects suspicious encoded payloads in WMI Event Consumers

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Suspicious Encoded Scripts in a WMI Consumer (83844185-1c5b-45bc-bcf3-b5bf3084ca5b)	Sigma-Rules	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Suspicious Encoded Scripts in a WMI Consumer (83844185-1c5b-45bc-bcf3-b5bf3084ca5b)	Sigma-Rules	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	2