HackTool - SharpWSUS/WSUSpendu Execution (b0ce780f-10bd-496d-9067-066d23dc3aa5)
Detects the execution of SharpWSUS or WSUSpendu, utilities that allow for lateral movement through WSUS. Windows Server Update Services (WSUS) is a critical component of Windows systems and is frequently configured in a way that allows an attacker to circumvent internal networking limitations.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) | Attack Pattern | HackTool - SharpWSUS/WSUSpendu Execution (b0ce780f-10bd-496d-9067-066d23dc3aa5) | Sigma-Rules | 1 |