Extensible Stylesheet Language (XSL) files are commonly used to describe the processing and rendering of data within XML files. This rule detects when adversaries abuse this functionality to execute arbitrary files while potentially bypassing application whitelisting defenses.
Potential SquiblyTwo Technique Execution
Detects the potential SquiblyTwo attack technique, including a possibly renamed WMIC binary, via the Imphash and OriginalFileName fields.
Detects threat actors proxy-executing code and bypassing application controls by leveraging wmic and the /FORMAT argument switch to download and execute an XSL file (i.e. js, vbs, etc.).