Vim GTFOBin Abuse - Linux (7ab8f73a-fcff-428b-84aa-6a5ff7877dea)
Detects usage of "vim" and it's siblings as a GTFOBin to execute and proxy command and binary execution
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Vim GTFOBin Abuse - Linux (7ab8f73a-fcff-428b-84aa-6a5ff7877dea) | Sigma-Rules | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |