Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
Download a shell script from a remote location using the Python requests module.
Attacker's Goals
Adversaries may abuse Python commands and scripts to download additional malicious files or for exfiltration.
Investigative actions
Check whether the executing process is benign, and if this was a desired behavior as part of its normal execution flow.