LoFP
/
t1059.007
t1059.007
Title
Tags
automation scripting language may used by network operator to do ldap query.
t1059.007
endpoint
splunk
false positives depend on scripts and administrative tools used in the monitored environment
t1036
t1059
t1059.007
t1082
t1087
t1105
t1140
t1218
t1218.005
t1218.007
t1218.011
windows
sigma
legitimate software uses the scripts (preinstall, postinstall)
t1059
t1059.007
t1071
t1071.001
macos
sigma
legitimate usage of deno to request a file or bring a dll to a host
t1059
t1059.007
t1105
t1204
windows
sigma
need tuning applocker or add exceptions in siem
t1059
t1059.001
t1059.003
t1059.005
t1059.006
t1059.007
t1204
t1204.002
windows
sigma
some installers might generate a similar behavior. an initial baseline is required
t1059
t1059.005
t1059.007
windows
sigma
LoFP
/
t1059.007