Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Medium |
Description
AutoIT scripts have legitimate uses, but are often abused by malware to execute in a signed process context.
Attacker's Goals
Communicate with malware running on your network to control malware activities, perform software updates on the malware, or take inventory of infected machines.
Investigative actions
- Identify the process contacting the remote domain and determine whether the traffic is malicious.