Network Connection Initiated By IMEWDBLD.EXE (8d7e392e-9b28-49e1-831d-5949c6281228)
Detects a network connection initiated by IMEWDBLD.EXE. This might indicate potential abuse of the utility as a LOLBIN in order to download arbitrary files or additional payloads.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Network Connection Initiated By IMEWDBLD.EXE (8d7e392e-9b28-49e1-831d-5949c6281228) | Sigma-Rules | 1 |