This query was originally published in the threat analytics report *Python abuse on macOS*. The Python programming language comes bundled with macOS. In threat intelligence gathered from macOS endpoints, we have observed numerous attacks run with EmPyre, a Python-based post-exploitation framework similar to PowerShell Empire for Windows. The following query checks for Microsoft Office documents that run Python scripts. Reference: https://www.powershellempire.com/
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 5a227ae6-1f40-499a-a4cc-6f6a0cc4d286 |
| Tactics | Execution |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Execution/python-based-attacks-on-macos.yaml) |
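As an added illustration (not the query published in the repository linked above), the following Microsoft 365 Defender advanced hunting query shows one way to surface the behaviour described here: a Python interpreter spawned by a Microsoft Office process on a macOS endpoint. The Office process names, interpreter names and 7-day lookback are assumptions to tune for your environment.

```kql
// Added example, not the repository's published query: hunt for Python
// interpreters launched by Microsoft Office processes on macOS endpoints.
// Process names and the lookback window are assumptions; tune them locally.
DeviceProcessEvents
| where Timestamp > ago(7d)
// Office applications as their process names appear on macOS (assumed)
| where InitiatingProcessFileName has_any ("Microsoft Word", "Microsoft Excel",
                                           "Microsoft PowerPoint", "Microsoft Outlook")
// Python launched directly, or via a shell one-liner that invokes python
| where FileName in~ ("python", "python2", "python3", "Python")
    or (FileName in~ ("sh", "bash", "zsh") and ProcessCommandLine has "python")
| project Timestamp, DeviceName, AccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine, SHA256
| order by Timestamp desc
```

Review hits by the initiating Office command line and the Python command line together; legitimate add-ins that call Python are rare on macOS, so each match warrants a look at the document that triggered it.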