==================================================

CREATED: WIN-WMIC-SERVICE-DISABLE (#2050)

Description

This detector identifies instances of the Windows Management Instrumentation Command-line utility (wmic.exe) executing with command lines intended to disable or stop services, which can hinder the response to an incident or aid the adversary's overall objectives.

ATT&CK Technique T1489
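
As an added illustration (not the detector's actual logic, which this page does not publish), the sketch below shows one way to match the behavior described above over process-start telemetry. The event field names, the regular expressions, and the sample events are assumptions constructed for the example; ExampleSvc is a placeholder service name.

```python
import re

# Assumed matching rule (not the vendor's): wmic.exe addressing the service
# alias or the Win32_Service class and invoking a stop or disable method.
SERVICE_TARGET = re.compile(r"\b(service|win32_service)\b", re.I)
ACTIONS = {
    "stop": re.compile(r"\bcall\s+stopservice\b", re.I),
    "disable": re.compile(r"\bcall\s+changestartmode\b.*\bdisabled\b", re.I),
}

def classify(event):
    """Return 'stop', 'disable', or None for one process-start event."""
    # Accept either path separator and ignore case in the image name.
    image = re.split(r"[\\/]", event["image"])[-1].lower()
    cmd = event["command_line"]
    if image != "wmic.exe" or not SERVICE_TARGET.search(cmd):
        return None
    for action, pattern in ACTIONS.items():
        if pattern.search(cmd):
            return action
    return None  # wmic touching services without stopping or disabling them

def scan(events):
    """Return (pid, action) for every event the rule matches."""
    hits = []
    for event in events:
        action = classify(event)
        if action:
            hits.append((event["pid"], action))
    return hits

# Constructed sample telemetry, including events that must not alert.
SAMPLE_EVENTS = [
    {"pid": 4100, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": r'wmic service where name="ExampleSvc" call stopservice'},
    {"pid": 4101, "image": r"C:\Windows\System32\wbem\wmic.exe",
     "command_line": r'wmic service where name="ExampleSvc" call ChangeStartMode Disabled'},
    {"pid": 4102, "image": r"C:\Windows\System32\wbem\wmic.exe",
     "command_line": r"wmic service get name,state"},
    {"pid": 4103, "image": r"C:\Windows\System32\sc.exe",
     "command_line": r"sc stop ExampleSvc"},
    {"pid": 4104, "image": r"C:\Windows\System32\wbem\wmic.exe",
     "command_line": r'wmic path Win32_Service where name="ExampleSvc" call ChangeStartMode "Disabled"'},
]

if __name__ == "__main__":
    for pid, action in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} action={action}")
```

Matching on the image name alone misses a renamed copy of the binary; where the telemetry carries the executable's original-file-name metadata, match on that field as well.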

==================================================

CREATED: NIX-OPENSSL-DECRYPT-TMP (#2085)

Description

This detector identifies OpenSSL decrypting or decoding files in temporary locations. This behavior has been observed with variants of malware delivery on macOS platforms. 

ATT&CK Technique T1027
