<<< Hide Navigation Hide TOC >>>

AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File (d353dac0-1b41-46c2-820c-d7d2561fc6ed)

Detects execution of attacker-controlled WsmPty.xsl or WsmTxt.xsl via winrm.vbs and copied cscript.exe (can be renamed)

Rows: 1

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Sigma-Rules		Clear Attack Pattern	Clear 1
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File (d353dac0-1b41-46c2-820c-d7d2561fc6ed)	Sigma-Rules	System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	1