Rule Info
Name
Remote XSL Execution Via Msxsl.EXE
Author
Swachchhanda Shrawan Poudel
Description
Detects the execution of the "msxsl" binary with an "http" keyword in the command line. This might indicate a potential remote execution of XSL files.
Date
2023-11-09 00:00:00
Modified
None
Id
75d0a94e-6252-448d-a7be-d953dff527bb
Tags
attack.defense-evasion attack.t1220 DEMO
Type
Community Rule
Link to Public Repo