t1564.006
| Title | Tags |
| --- | --- |
| false positives may be present if the application is legitimately used, filter by user or endpoint as needed. | t1059, t1564.003, t1564.006, endpoint, splunk |
| legitimate powershell scripts | t1003, t1003.003, t1003.006, t1033, t1036, t1036.003, t1057, t1070, t1070.003, t1083, t1201, t1546, t1546.015, t1553, t1553.005, t1562, t1562.001, t1564, t1564.006, t1615, windows, sigma |
| this may have false positives on hosts where virtualbox is legitimately being used for operations | t1564, t1564.006, windows, sigma |