Rule Info
Name
OSACompile Run-Only Execution
Author
Sohan G (D4rkCiph3r)
Description
Detects potential suspicious run-only executions compiled using OSACompile
Reference
Date
2023-01-31 00:00:00
Modified
None
Id
b9d9b652-d8ed-4697-89a2-a1186ee680ac
Tags
attack.t1059.002 attack.execution DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01
D4rkCiph3r
Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml
2023-01-31