Rule Category


Alert Message

MALWARE-OTHER Windows Management Instrumentation manipulation attempt

Rule Explanation

This event is generated when a compiled program contains calls to wmic.exe. Impact: A Network Trojan was detected Details: Windows Management Instrumentation is a feature within Windows that creates a uniform environment for local and remote administration of system components. A compiled application which invokes wmic.exe instead of leveraging Windows API calls is suspect. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

MITRE ATT&CK Framework



For reference, see the MITRE ATT&CK vulnerability types here:

Additional Links

Rule Vulnerability

CVE Additional Information