Launching a list of commands through a script file (ex: Windows EID 4104)
| Domain | ID | | Name |
|---|---|---|---|
| Enterprise | T1560 | | Archive Collected Data |
| | | .002 | Archive via Library |
| | | .003 | Archive via Custom Method |
| Enterprise | T1119 | | Automated Collection |
| Enterprise | T1020 | | Automated Exfiltration |
| Enterprise | T1059 | | Command and Scripting Interpreter |
| | | .001 | PowerShell |
| | | .005 | Visual Basic |
| | | .007 | JavaScript |
| Enterprise | T1005 | | Data from Local System |
| Enterprise | T1140 | | Deobfuscate/Decode Files or Information |
| Enterprise | T1482 | | Domain Trust Discovery |
| Enterprise | T1615 | | Group Policy Discovery |
| Enterprise | T1564 | | Hide Artifacts |
| | | .003 | Hidden Window |
| | | .007 | VBA Stomping |
| Enterprise | T1562 | | Impair Defenses |
| | | .002 | Disable Windows Event Logging |
| Enterprise | T1056 | .002 | Input Capture: GUI Input Capture |
| Enterprise | T1559 | | Inter-Process Communication |
| | | .001 | Component Object Model |
| | | .002 | Dynamic Data Exchange |
| Enterprise | T1620 | | Reflective Code Loading |
| Enterprise | T1216 | | Signed Script Proxy Execution |
| | | .001 | PubPrn |
| Enterprise | T1016 | | System Network Configuration Discovery |