Hide Navigation Hide TOC

Remote Code Execute via Winrm.vbs (9df0dd3a-1a5c-47e3-a2bc-30ed177646a0)

Detects an attempt to execute code or create service on remote host via winrm.vbs.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	Remote Code Execute via Winrm.vbs (9df0dd3a-1a5c-47e3-a2bc-30ed177646a0)	Sigma-Rules	1