| Detection | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Any Powershell DownloadFile | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | PowerShell, Ingress Tool Transfer | TTP | Braodo Stealer, China-Nexus Threat Activity, Crypto Stealer, DarkCrystal RAT, Data Destruction, Hermetic Wiper, Ingress Tool Transfer, Log4Shell CVE-2021-44228, Malicious PowerShell, PHP-CGI RCE Attack on Japanese Organizations, PXA Stealer, Phemedrone Stealer, Salt Typhoon, XWorm | 2025-06-23 |
| Any Powershell DownloadString | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | PowerShell, Ingress Tool Transfer | TTP | Data Destruction, HAFNIUM Group, Hermetic Wiper, IcedID, Ingress Tool Transfer, Malicious PowerShell, PHP-CGI RCE Attack on Japanese Organizations, Phemedrone Stealer, SysAid On-Prem Software CVE-2023-47246 Vulnerability, Winter Vivern, XWorm | 2025-06-23 |
| Windows AD Suspicious GPO Modification | Windows Event Log Security 5136, Windows Event Log Security 5145 | Windows File and Directory Permissions Modification, Group Policy Modification | TTP | Sneaky Active Directory Persistence Tricks | 2025-06-16 |
| Windows InstallUtil Uninstall Option with Network | Sysmon EventID 1, Sysmon EventID 3 | InstallUtil | TTP | Compromised Windows Host, Living Off The Land, Signed Binary Proxy Execution InstallUtil | 2025-06-26 |