Techniques
Sample rules
Malicious Windows Script Components File Execution by TAEF Detection
- source: sigma
- techniques:
  - t1218
Description
The Windows Test Authoring and Execution Framework (TAEF) allows you to run automation by executing test files written in different languages (C, C#, Microsoft COM Scripting interfaces). Adversaries may execute malicious code (such as a WSC file with VBScript, a DLL, and so on) directly by running te.exe.
Detection logic
condition: selection
selection:
- Image|endswith: \te.exe
- ParentImage|endswith: \te.exe
- OriginalFileName: \te.exe
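The detection logic above, evaluated over a few constructed process-creation events. This is an added example, not part of the Sigma rule or of this page's source: the evaluator, the event values and the paths are assumptions, and only the three selection entries come from the rule. It shows that the list entries are OR-ed and why the leading backslash in `\te.exe` matters.

```python
# Added example, not Sigma's own code: evaluates the page's selection on dict events.
SELECTION = [  # a list of maps is OR-ed; keys inside one map are AND-ed
    {"Image|endswith": "\\te.exe"},
    {"ParentImage|endswith": "\\te.exe"},
    {"OriginalFileName": "\\te.exe"},
]

def field_matches(event, key, pattern):
    """Test one 'Field|modifier: value' pair; Sigma string matches ignore case."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if not isinstance(value, str):
        return False  # a missing field never matches
    value, pattern = value.lower(), pattern.lower()
    if modifier == "endswith":
        return value.endswith(pattern)
    if modifier == "":
        return value == pattern  # no modifier: whole-value equality
    raise ValueError(f"unsupported modifier: {modifier!r}")

def matched_clauses(event, selection=SELECTION):
    """Return the field tests of every clause that matched (empty list = no alert)."""
    hits = []
    for clause in selection:
        if all(field_matches(event, k, v) for k, v in clause.items()):
            hits.extend(clause)
    return hits

# Constructed process-creation events (field names as in the rule, paths hypothetical).
EVENTS = [
    {"Image": "C:\\Tools\\TAEF\\TE.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Tools\\TAEF\\te.exe"},
    # Ends with "te.exe" but not "\te.exe": the leading backslash prevents this hit.
    {"Image": "C:\\Windows\\System32\\ROUTE.EXE", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\notepad.exe"},
]

def triage(events=EVENTS):
    """Map event index -> matched field tests, for events that raise the alert."""
    result = {}
    for index, event in enumerate(events):
        hits = matched_clauses(event)
        if hits:
            result[index] = hits
    return result

if __name__ == "__main__":
    for index, hits in triage().items():
        print(f"event {index}: matched {hits}")
```

Keeping the matched field test alongside each alert lets an analyst tell a direct te.exe launch (Image) from a process spawned by te.exe (ParentImage).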