t1547.006
| Title | Tags |
| --- | --- |
| Administrator or network operator can create files in these folders for automation purposes. Please update the filter macros to remove false positives. | T1037.004, t1547.006, endpoint, splunk |
| Administrator or network operator can execute this command. Please update the filter macros to remove false positives. | T1003.008, t1016, t1070.004, t1136.001, t1222.002, t1485, t1547.006, t1548.001, t1548.003, t1574.006, endpoint, splunk |
| Administrator or network operator can use this application for automation purposes. Please update the filter macros to remove false positives. | t1016, t1030, t1033, t1053.002, t1053.003, t1083, t1136.001, t1140, t1222.002, t1485, t1489, t1546.004, t1547.006, t1552.004, t1555.005, t1562.004, T1562.012, t1569.002, t1574.006, endpoint, splunk |
| False positives may be present; filter as needed. | t1068, t1069.002, t1105, t1133, t1190, t1547.006, t1548.003, web server, endpoint, splunk |
| False positives should be limited, as this is a strict primary indicator used by Snake malware. | t1547.006, t1569.002, endpoint, splunk |