EXPLORE
Sign In
← Back to Explore
T1059.011

Lua

Adversaries may abuse Lua commands and scripts for execution. Lua is a cross-platform scripting and programming language primarily designed for embedded use in applications. Lua can be executed on the command-line (through the stand-alone lua interpreter), via scripts (<code>.lua</code>), or from Lua-embedded programs (through the <code>struct lua_State</code>).(Citation: Lua main page)(Citation: Lua state) Lua scripts may be executed by adversaries for malicious purposes. Adversaries may incor...

LinuxNetwork DevicesWindowsmacOS
9
Detections
1
Sources
0
Threat Actors

BY SOURCE

9elastic

PROCEDURES (9)

Persist1 detections

Auto-extracted: 1 detections for persist

Base641 detections

Auto-extracted: 1 detections for base64

Base641 detections

Auto-extracted: 1 detections for base64

Obfuscat1 detections

Auto-extracted: 1 detections for obfuscat

Remote1 detections

Auto-extracted: 1 detections for remote

Container1 detections

Auto-extracted: 1 detections for container

Remote1 detections

Auto-extracted: 1 detections for remote

Persist1 detections

Auto-extracted: 1 detections for persist

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

DETECTIONS (9)

Base64 Decoded Payload Piped to Interpreter
elastichigh
Decoded Payload Piped to Interpreter Detected via Defend for Containers
elastichigh
Potential Hex Payload Execution via Common Utility
elasticlow
Potential Reverse Shell via UDP
elasticmedium
Process Spawned from Message-of-the-Day (MOTD)
elastichigh
Suspicious Interpreter Execution Detected via Defend for Containers
elasticmedium
Suspicious React Server Child Process
elastichigh
Unusual Process Spawned from Web Server Parent
elasticlow
Web Server Potential Command Injection Request
elasticlow