File Creation In Suspicious Directory By Msdt.EXE (318557a5-150c-4c8d-b70e-a9910e199857)

Detects msdt.exe creating files in suspicious directories, which could be a sign of exploitation of either the Follina or Dogwalk vulnerabilities.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| File Creation In Suspicious Directory By Msdt.EXE (318557a5-150c-4c8d-b70e-a9910e199857) | Sigma-Rules | Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | 1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |