D3-SEA

Detect
Script Execution Analysis

Definition

Analyzing the execution of a script to detect unauthorized user activity.

How it works

Software installed on the host system hooks into a scripting engine to intercept commands before they are executed and block commands if they are determined to be harmful. Pattern matching is used to identify unauthorized commands or in the case of script files, a hash of the file is compared against hashes of known unauthorized script files.

Considerations

List of known unauthorized script files or regular expression patterns must be kept up to date to ensure detection of new threats.

Artifact Relationships

This defensive technique relates to specific digital artifacts.

analyzes
Script Execution Analysis
Script Application Process

References

Reference - Detecting script-based malware - Crowdstrike Inc