Visual Studio Code Tunnel Execution (90d6bd71-dffb-4989-8d86-a827fedd6624)

Detects Visual Studio Code tunnel execution. Attackers can abuse this functionality to establish a C2 channel

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Visual Studio Code Tunnel Execution (90d6bd71-dffb-4989-8d86-a827fedd6624)	Sigma-Rules	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2