Potential SquiblyTwo Technique Execution (8d63dadf-b91b-4187-87b6-34a1114577ea)

Detects potential SquiblyTwo attack technique with possible renamed WMIC via Imphash and OriginalFileName fields

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential SquiblyTwo Technique Execution (8d63dadf-b91b-4187-87b6-34a1114577ea)	Sigma-Rules	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Potential SquiblyTwo Technique Execution (8d63dadf-b91b-4187-87b6-34a1114577ea)	Sigma-Rules	1
Potential SquiblyTwo Technique Execution (8d63dadf-b91b-4187-87b6-34a1114577ea)	Sigma-Rules	XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3)	Attack Pattern	1
Potential SquiblyTwo Technique Execution (8d63dadf-b91b-4187-87b6-34a1114577ea)	Sigma-Rules	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2