<<< Hide Navigation Hide TOC >>>
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File (d353dac0-1b41-46c2-820c-d7d2561fc6ed)
Detects execution of attacker-controlled WsmPty.xsl or WsmTxt.xsl via winrm.vbs and copied cscript.exe (can be renamed)
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File (d353dac0-1b41-46c2-820c-d7d2561fc6ed) | Sigma-Rules | System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | 1 |