AppleScript interpreter dynamic library loaded into a process

Cortex XSIAM Analytics Alert Reference by Alert name

Product

Cortex XSIAM

Last date published

2026-01-04

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	1 Day
Required Data	Requires: XDR Agent
Detection Modules
Detector Tags	AppleScript Analytics
ATT&CK Tactic	Execution (TA0002)
ATT&CK Technique	Command and Scripting Interpreter: AppleScript (T1059.002)
Severity	Informational

The AppleScript interpreter dynamic library was loaded into a process.

Stealthily execute AppleScript code while evading script-based detections.

Analyze the process and determine whether it performs any malicious/suspicious actions.
Check the events generated by the process for potential malicious behavior.
Check whether the process was executed in an unusual way.

ATT&CK Tactic	Execution (TA0002)
ATT&CK Technique	Command and Scripting Interpreter: AppleScript (T1059.002)
Severity	Low

The AppleScript interpreter dynamic library was loaded into an unsigned applet.

Stealthily execute AppleScript code while evading script-based detections.

Analyze the process and determine whether it performs any malicious/suspicious actions.
Check the events generated by the process for potential malicious behavior.
Check whether the process was executed in an unusual way.

ATT&CK Tactic	Execution (TA0002)
ATT&CK Technique	Command and Scripting Interpreter: AppleScript (T1059.002)
Severity	Low

The AppleScript interpreter dynamic library was loaded into a process with an uncommon vendor signature.

Stealthily execute AppleScript code while evading script-based detections.

Analyze the process and determine whether it performs any malicious/suspicious actions.
Check the events generated by the process for potential malicious behavior.
Check whether the process was executed in an unusual way.