t1027.004
| Title | Tags |
|---|---|
| a network operator or systems administrator may utilize an automated powershell script that executes .net code that may generate false positives. filter is needed. | t1027, t1027.004, endpoint, splunk |
| ansible | t1027, t1027.004, windows, sigma |
| legitimate microsoft software - https://twitter.com/gabriele_pippi/status/1206907900268072962 | t1027, t1027.004, windows, sigma |
| legitimate software from program files - https://twitter.com/gn3mes1s/status/1206874118282448897 | t1027, t1027.004, windows, sigma |
| legitimate use of dnx.exe by legitimate user | t1027, t1027.004, t1218, windows, sigma |
| utilization of this tool should not be seen in an enterprise environment | t1027, t1027.004, windows, sigma |