Deno Runtime Abused as Malware Loader (LeakNet TTP)

Detects suspicious execution of the Deno JavaScript runtime outside developer contexts, matching the LeakNet ransomware gang technique of using the open-source Deno runtime as a malware loader for initial access. Flags Deno processes spawned from non-developer parents with execution or network permission flags