Skip to content

<<< Hide Navigation Hide TOC >>>

AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File (d353dac0-1b41-46c2-820c-d7d2561fc6ed)

Detects execution of attacker-controlled WsmPty.xsl or WsmTxt.xsl via winrm.vbs and copied cscript.exe (can be renamed)

Galaxy ColorsSigma-Rule...Attack Pat...
Rows: 1
Loading extensions...
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File (d353dac0-1b41-46c2-820c-d7d2561fc6ed) Sigma-Rules System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) Attack Pattern 1