Script Interpreter Execution From Suspicious Folder (1228c958-e64e-4e71-92ad-7d429f4138ba)
Detects a suspicious script execution in temporary folders or folders accessible by environment variables
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Script Interpreter Execution From Suspicious Folder (1228c958-e64e-4e71-92ad-7d429f4138ba) | Sigma-Rules | 1 |