Deno Runtime as Malware Loader: LeakNet Ransomware Campaign

Detects abuse of the Deno runtime (open-source Node.js alternative) as a malware loading platform, a technique documented in the active LeakNet ransomware campaign. Deno executes remote code with granular permission flags that bypass PowerShell and wscript-based controls. Its presence on corporate endpoints is inherently anomalous.