Visual Studio Code Tunnel Shell Execution (f4a623c2-4ef5-4c33-b811-0642f702c9f1)

Detects the execution of a shell (powershell, bash, wsl...) via Visual Studio Code tunnel. Attackers can abuse this functionality to establish a C2 channel and execute arbitrary commands on the system.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Visual Studio Code Tunnel Shell Execution (f4a623c2-4ef5-4c33-b811-0642f702c9f1) | Sigma-Rules | 1 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |