Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE (ec8c4047-fad9-416a-8c81-0f479353d7f6)
Detects exploitation of both the CVE-2022-30190 (Follina) and DogWalk vulnerabilities, in which the msdt.exe binary is abused to load the "sdiageng.dll" library.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE (ec8c4047-fad9-416a-8c81-0f479353d7f6) | Sigma-Rules | 1 |