CREATED: WIN-WMIC-SERVICE-DISABLE (#2050)
This detector identifies instances of the Windows Management Instrumentation Command (wmic.exe) executing with command lines aimed at disabling or stopping services, which can hinder the response to an incident or aid the adversary's overall objectives.
ATT&CK Technique T1489
CREATED: NIX-OPENSSL-DECRYPT-TMP (#2085)
This detector identifies OpenSSL decrypting or decoding files in temporary locations. This behavior has been observed in variants of malware delivery on macOS platforms.
ATT&CK Technique T1027
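The two behaviors described above, expressed as simple rule logic run over constructed process-creation events; this is an added illustration, not the detector vendor's implementation, and the event format, host names, file paths and the rule matching thresholds are assumptions made for the example.

```python
import re
import shlex

# Constructed sample process-creation events (not real telemetry):
# "<host> | <platform> | <image path> | <command line>", one per line.
SAMPLE_EVENTS = """\
ws01 | windows | C:\\Windows\\System32\\wbem\\wmic.exe | wmic service where "name='WinDefend'" call stopservice
ws01 | windows | C:\\Windows\\System32\\wbem\\wmic.exe | wmic service where (name like "%backup%") call ChangeStartMode Disabled
ws02 | windows | C:\\Windows\\System32\\wbem\\wmic.exe | wmic os get caption
mac01 | macos | /usr/bin/openssl | openssl enc -d -aes-256-cbc -in /tmp/.payload -out /tmp/.stage -k s3cret
mac01 | macos | /usr/bin/openssl | openssl base64 -d -in /private/var/tmp/x.b64 -out /private/var/tmp/x
mac02 | macos | /usr/bin/openssl | openssl x509 -in /Users/a/cert.pem -text
"""

# wmic verbs that stop a service or set its start mode to Disabled (case-folded before matching).
WMIC_SERVICE_RE = re.compile(r"\bservice\b.*\b(?:call\s+stopservice|changestartmode\s+disabled)\b")
# Temporary-directory prefixes considered by the macOS rule (assumed list, lower-cased).
TMP_PREFIXES = ("/tmp/", "/var/tmp/", "/private/tmp/", "/private/var/tmp/", "$tmpdir")


def rule_wmic_service_disable(image, cmdline):
    """WIN-WMIC-SERVICE-DISABLE: wmic.exe stopping a service or disabling its start mode."""
    if not image.lower().replace("\\", "/").endswith("/wmic.exe"):
        return False
    return WMIC_SERVICE_RE.search(cmdline.lower()) is not None


def rule_openssl_decrypt_tmp(image, cmdline):
    """NIX-OPENSSL-DECRYPT-TMP: openssl decrypting/decoding with a file under a temp dir."""
    if not image.endswith("/openssl"):
        return False
    try:
        argv = shlex.split(cmdline.lower())
    except ValueError:  # unbalanced quotes: treat as no match rather than crash the pipeline
        return False
    decoding = ("enc" in argv or "base64" in argv) and ("-d" in argv or "-decrypt" in argv)
    touches_tmp = any(tok.startswith(TMP_PREFIXES) for tok in argv)
    return decoding and touches_tmp


def detect(events):
    """Run both rules over newline-separated events; return one (host, rule_id) per hit."""
    hits = []
    for line in events.strip().splitlines():
        host, _platform, image, cmdline = (p.strip() for p in line.split(" | ", 3))
        if rule_wmic_service_disable(image, cmdline):
            hits.append((host, "WIN-WMIC-SERVICE-DISABLE"))
        if rule_openssl_decrypt_tmp(image, cmdline):
            hits.append((host, "NIX-OPENSSL-DECRYPT-TMP"))
    return hits


if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

The benign events (a `wmic os get` query and an `openssl x509` inspection outside a temp directory) are deliberately included so the rules can be checked for false positives as well as hits.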