Home/ MITRE Matrix/ Execution/ T1059.002

T1059.002AppleScript

T1059.002 — AppleScript is a MITRE ATT&CK technique in the Execution tactic. Clankerusecase tracks 3 detection use cases covering it and 2 threat-intel articles citing it.

Execution

View on the matrix → Filter Detection Library MITRE official spec ↗

3Use cases

2Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1059 · Command and Scripting Interpreter

Use cases covering this technique (3)

MacOS AMOS Stealer - Virtual Machine Check Activity ESCU actions · hunting P [LLM] osascript invoked with AppleScript breakout pattern (mismatched tell blocks + do shell script) Bespoke exploit · alerting DSΣPDDCS [LLM] macOS Axios RAT daemon spoof + ad-hoc codesign of hidden /private/tmp binary Bespoke install · alerting DSΣPDDCS

Articles citing this technique (2)

crit [GHSA / CRITICAL] CVE-2026-47252: Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin art-97

high Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT art-420