Skip to content

DS0012 Script

A file or stream containing a list of commands, allowing them to be launched in sequence123

Item Value
ID DS0012
Platforms Windows
Collection Layers Host
Version 1.0
Created 20 October 2021
Last Modified 10 November 2021

Data Components

Script Execution

Launching a list of commands through a script file (ex: Windows EID 4104)

Domain ID Name
enterprise T1560 Archive Collected Data
enterprise T1560.002 Archive via Library
enterprise T1560.003 Archive via Custom Method
enterprise T1119 Automated Collection
enterprise T1020 Automated Exfiltration
enterprise T1059 Command and Scripting Interpreter
enterprise T1059.001 PowerShell
enterprise T1059.005 Visual Basic
enterprise T1059.007 JavaScript
enterprise T1005 Data from Local System
enterprise T1140 Deobfuscate/Decode Files or Information
enterprise T1482 Domain Trust Discovery
enterprise T1615 Group Policy Discovery
enterprise T1564 Hide Artifacts
enterprise T1564.003 Hidden Window
enterprise T1564.007 VBA Stomping
enterprise T1562 Impair Defenses
enterprise T1562.002 Disable Windows Event Logging
enterprise T1056 Input Capture
enterprise T1056.002 GUI Input Capture
enterprise T1559 Inter-Process Communication
enterprise T1559.001 Component Object Model
enterprise T1559.002 Dynamic Data Exchange
enterprise T1620 Reflective Code Loading
enterprise T1016 System Network Configuration Discovery
enterprise T1216 System Script Proxy Execution
enterprise T1216.001 PubPrn


Back to top