Arbitrary Command Execution Using WSL (dec44ca7-61ad-493c-bfd7-8819c5faa09b)

Detects potential abuse of Windows Subsystem for Linux (WSL) binary as a LOLBIN to execute arbitrary Linux or Windows commands

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Arbitrary Command Execution Using WSL (dec44ca7-61ad-493c-bfd7-8819c5faa09b)	Sigma-Rules	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	1
Arbitrary Command Execution Using WSL (dec44ca7-61ad-493c-bfd7-8819c5faa09b)	Sigma-Rules	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	1