LoFP
t1547.006
| Title | Tags |
|---|---|
| Administrator or network operator can create files in these folders for automation purposes. Please update the filter macros to remove false positives. | t1037, T1037.004, t1547, t1547.006, endpoint, splunk |
| Administrator or network operator can execute this command. Please update the filter macros to remove false positives. | t1003, T1003.008, t1016, t1070, t1070.004, t1136, t1136.001, t1222, t1222.002, t1485, t1547, t1547.006, t1548, t1548.001, t1548.003, t1574, t1574.006, endpoint, splunk |
| False positives may be present, filter as needed. | t1068, t1069.002, t1105, t1133, t1190, t1547.006, t1548, t1548.003, endpoint, web server, splunk |
| False positives should be limited as this is a strict primary indicator used by Snake malware. | t1547.006, t1569.002, endpoint, splunk |