|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-05-08 | |
| Rule Name: | Tool Magic Unicorn Detected | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Magic Unicorn is a tool that converts shellcode into powershell commands, supports original powershell, hta, macro and other execution methods, and supports AMSI bypass. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows | |
| Reference: | ||
| Solutions |
|---|
| Disable Microsoft Office untrusted macro execution. Do not execute untrusted hta file. |