Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)

Detects when the macOS Script Editor utility spawns an unusual child process.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	1
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	1
Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	1
Suspicious Execution via macOS Script Editor (6e4dcdd1-e48b-42f7-b2d8-3b413fc58cb4)	Sigma-Rules	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2