<<< Hide Navigation Hide TOC >>>

Msxsl.EXE Execution (9e50a8b3-dd05-4eb8-9153-bdb6b79d50b0)

Detects the execution of the MSXSL utility. This can be used to execute Extensible Stylesheet Language (XSL) files. These files are commonly used to describe the processing and rendering of data within XML files. Adversaries can abuse this functionality to execute arbitrary files while potentially bypassing application whitelisting defenses.

Rows: 1

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Sigma-Rules		Clear Attack Pattern	Clear 1
Msxsl.EXE Execution (9e50a8b3-dd05-4eb8-9153-bdb6b79d50b0)	Sigma-Rules	XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3)	Attack Pattern	1