Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER Windows Management Instrumentation manipulation attempt

Rule Explanation

This event is generated when a compiled program contains calls to wmic.exe. Impact: A Network Trojan was detected Details: Windows Management Instrumentation is a feature within Windows that creates a uniform environment for local and remote administration of system components. A compiled application which invokes wmic.exe instead of leveraging Windows API calls is suspect. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Additional Links

Rule Vulnerability

CVE Additional Information