Arbitrary MSI Download Via Devinit.EXE (90d50722-0483-4065-8e35-57efaadd354d)
Detects a certain command-line flag combination used by "devinit.exe", which can be abused as a LOLBIN to download arbitrary MSI packages on a Windows system.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Arbitrary MSI Download Via Devinit.EXE (90d50722-0483-4065-8e35-57efaadd354d) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |