| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| Any Powershell DownloadFile | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | PowerShell, Ingress Tool Transfer | TTP | Braodo Stealer, China-Nexus Threat Activity, Crypto Stealer, DarkCrystal RAT, Data Destruction, Hermetic Wiper, Ingress Tool Transfer, Log4Shell CVE-2021-44228, Malicious PowerShell, PHP-CGI RCE Attack on Japanese Organizations, PXA Stealer, Phemedrone Stealer, Salt Typhoon, XWorm | 2025-06-23 |
| Any Powershell DownloadString | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | PowerShell, Ingress Tool Transfer | TTP | Data Destruction, HAFNIUM Group, Hermetic Wiper, IcedID, Ingress Tool Transfer, Malicious PowerShell, PHP-CGI RCE Attack on Japanese Organizations, Phemedrone Stealer, SysAid On-Prem Software CVE-2023-47246 Vulnerability, Winter Vivern, XWorm | 2025-06-23 |
| Splunk Command and Scripting Interpreter Risky Commands | Splunk | Command and Scripting Interpreter | Hunting | Splunk Vulnerabilities | 2025-07-16 |
| Splunk Command and Scripting Interpreter Risky SPL MLTK | Splunk | Command and Scripting Interpreter | Anomaly | Splunk Vulnerabilities | 2025-07-21 |
| Windows InstallUtil Uninstall Option with Network | Sysmon EventID 1, Sysmon EventID 3 | InstallUtil | TTP | Compromised Windows Host, Living Off The Land, Signed Binary Proxy Execution InstallUtil | 2025-06-26 |