Home >
ICS >
Participants >
Claroty >
Command and Scripting Interpreter (T1059)
|
|
TRITON |
|||
Step | ATT&CK Pattern |
|
|
6.A.1
![]() |
Tactic Execution (TA0104) |
|
|
9.A.1
![]() |
Tactic Execution (TA0104) |
|
|
9.B.1
![]() |
Tactic Execution (TA0104) |
|
|
9.C.1
![]() |
Tactic Execution (TA0104) |
|
|
9.D.1
![]() |
Tactic Execution (TA0104) |
|
|
9.E.1
![]() |
Tactic Execution (TA0104) |
|
|
11.B.1
![]() |
Tactic Execution (TA0104) |
|
|
16.A.1
![]() |
Tactic Execution (TA0104) |
|
|
16.B.1
![]() |
Tactic Execution (TA0104) |
|
|
16.C.1
![]() |
Tactic Execution (TA0104) |
|
|
16.D.1
![]() |
Tactic Execution (TA0104) |
|
|
20.A.1
![]() |
Tactic Execution (TA0104) |
|
|
20.B.1
![]() |
Tactic Execution (TA0104) |
|
|
20.C.1
![]() |
Tactic Execution (TA0104) |
|
|
20.D.1
![]() |
Tactic Execution (TA0104) |
|
|
21.E.1
![]() |
Tactic Execution (TA0104) |
|
|
21.F.1
![]() |
Tactic Execution (TA0104) |
|
|
22.A.1
![]() |
Tactic Execution (TA0104) |
|
|
22.B.1
![]() |
Tactic Execution (TA0104) |
|
|
24.A.1
![]() |
Tactic Execution (TA0104) |
|
|
24.B.1
![]() |
Tactic Execution (TA0104) |
|
|
24.C.1
![]() |
Tactic Execution (TA0104) |
|
|
25.E.1
![]() |
Tactic Execution (TA0104) |
|
|
25.G.1
![]() |
Tactic Execution (TA0104) |
|
Criteria
Evidence that the "install-csp.ps1" script was executed on the control EWS (10.0.100.20) via PowerShell (using the bypass execution policy).
Criteria
Evidence that the "install-csp.ps1" script was executed on the safety EWS (10.0.100.15) via PowerShell (using the bypass execution policy).