Windows Binary Executed From WSL (ed825c86-c009-4014-b413-b76003e33d35)
Detects the execution of Windows binaries from within a WSL instance. This could be used to masquerade parent-child relationships.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Windows Binary Executed From WSL (ed825c86-c009-4014-b413-b76003e33d35) | Sigma-Rules | 1 |