Vendor
high
advisory
Renamed Automation Script Interpreter Detection
2 rules 2 TTPsThis rule identifies renamed Automation Script Interpreter processes, often used by malware written in AutoIt/AutoHotKey to evade detection by renaming the executable.
AutoIt +2
defense-evasion
execution
masquerading
windows
2r
2t
high
advisory
Detection of Windows AutoIt3 Execution
2 rules 1 TTPDetects execution of AutoIt3, a scripting language used for Windows GUI automation, often abused by attackers to automate malicious actions such as executing malware, potentially leading to unauthorized code execution and system compromise.
AutoIt3
scripting
malware
execution
windows
2r
1t