This query was originally published in the threat analytics report *Python abuse on macOS*. The Python interpreter has historically shipped with macOS (Apple removed the bundled Python 2.7 in macOS 12.3), and user-installed interpreters remain common on Macs. In threat intelligence gathered from macOS endpoints, we have observed numerous attacks run with EmPyre, a Python-based post-exploitation framework analogous to PowerShell Empire on Windows. The following query checks for Microsoft Office documents (in practice, Office application processes such as Word or Excel) that launch Python scripts, which is how an EmPyre stager embedded in a malicious document would typically execute.

Reference: https://www.powershellempire.com/
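The hunting query itself is not reproduced on this page. The KQL below is an added example written to illustrate the detection described above; it is not the query from the original threat analytics report. It assumes the Microsoft Defender XDR `DeviceProcessEvents` schema (`FileName`, `InitiatingProcessFileName`, `InitiatingProcessParentFileName`, `ProcessCommandLine` and related columns), and the list of Office application names and the Python executable pattern are assumptions chosen for illustration.

```kql
// Added example, not the original report's query.
// Assumes the DeviceProcessEvents schema; the Office app names and the
// Python executable pattern below are illustrative assumptions.
let lookback = 7d;
let officeApps = dynamic([
    "Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint", "Microsoft Outlook"
]);
DeviceProcessEvents
| where Timestamp > ago(lookback)
// Match python, python2, python2.7, python3, python3.11 ... case-insensitively.
| where FileName matches regex @"^(?i)python[0-9.]*$"
// Catch Python launched directly by an Office app, or one hop below it
// (e.g. Office -> /bin/sh -> python), which is a common stager pattern.
| where InitiatingProcessFileName in~ (officeApps)
    or InitiatingProcessParentFileName in~ (officeApps)
// Inline code passed with -c is a heuristic, not proof of EmPyre; keep it as
// an enrichment column rather than a filter so nothing is dropped silently.
| extend InlineScript = ProcessCommandLine has " -c "
| project Timestamp, DeviceName, AccountName,
          InitiatingProcessParentFileName, InitiatingProcessFileName,
          InitiatingProcessCommandLine, FileName, FolderPath,
          ProcessCommandLine, InlineScript
| order by Timestamp desc
```

Office applications on macOS have no legitimate reason to spawn a Python interpreter in most environments, so any hit is worth triage, but developer workstations with Python-based tooling can produce benign matches; review `ProcessCommandLine` and `FolderPath` before escalating, and widen `lookback` or the `officeApps` list to fit the tenant.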
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 5a227ae6-1f40-499a-a4cc-6f6a0cc4d286 |
| Tactics | Execution |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceProcessEvents | ✓ | ✗ | ? |