PUA - Wsudo Suspicious Execution (bdeeabc9-ff2a-4a51-be59-bb253aac7891)
Detects usage of wsudo (Windows Sudo Utility), a tool that lets the user execute programs with different permissions (System, Trusted Installer, Administrator, etc.).
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
PUA - Wsudo Suspicious Execution (bdeeabc9-ff2a-4a51-be59-bb253aac7891) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |