Common Information
Type | Value |
---|---|
Value | powershell.exe |
Category | |
Type | File |
Misp Type | |
Description | |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2017-05-12 | 7 | First entry: Welcome and fileless UAC bypass | ||
Details | Website | 2017-05-12 | 2 | A Technique to Run Scripts Asynchronously via AppSense Environment Manager | ||
Details | Website | 2017-05-11 | 5 | PowerShell Direct (few internals) | ||
Details | Website | 2017-05-08 | 23 | AppLocker Bypass – InstallUtil | ||
Details | | 2017-05-04 | 9 | The Probability of Loss | ||
Details | Website | 2017-05-02 | 83 | UNKNOWN | ||
Details | Website | 2017-05-02 | 3 | Cerber Version 6 Shows How Far the Ransomware Has Come | ||
Details | Website | 2017-04-27 | 33 | OilRig Actors Provide a Glimpse into Development and Testing Efforts | ||
Details | Website | 2017-04-21 | 14 | Add-In Opportunities for Office Persistence | ||
Details | Website | 2017-04-18 | 3 | Getting Started with WMI Weaponization - Part 5 | ||
Details | Website | 2017-04-11 | 22 | Chronicles of a Threat Hunter: Hunting for Remotely Executed Code via Services & Lateral Movement with Sysmon, Win Event Logs, and ELK | ||
Details | Website | 2017-04-06 | 16 | Getting Started with WMI Weaponization - Part 2 | ||
Details | Website | 2017-04-04 | 9 | SiteKiosk Breakout - Security Risk Advisors | ||
Details | Website | 2017-03-30 | 4 | Understanding How .LINK Files Work | ||
Details | Website | 2017-03-22 | 12 | Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part II (Event ID 10) | ||
Details | Website | 2017-03-22 | 22 | Microsoft Word File Spreads Malware Targeting Both Apple Mac OS X and Microsoft Windows | ||
Details | Website | 2017-03-20 | 5 | Simple Bypass for PowerShell Constrained Language Mode | ||
Details | | 2017-03-20 | 204 | OILRIG CAMPAIGN ANALYSIS | ||
Details | Website | 2017-03-12 | 6 | PowerShell Execution Argument Obfuscation (& How It Can Make Detection Easier!) — Daniel Bohannon | ||
Details | Website | 2017-03-10 | 710 | Pulling Back the Curtains on EncodedCommand PowerShell Attacks | ||
Details | Website | 2017-02-28 | 20 | Log - Sysmon 6 Windows Event Collection | ||
Details | Website | 2017-02-16 | 5 | Putting attackers in hi vis jackets with sysmon - Nettitude Labs | ||
Details | Website | 2017-02-15 | 40 | The Full Shamoon: How the Devastating Malware Was Inserted Into Networks | ||
Details | Website | 2017-02-15 | 37 | Highly personalised malspam making extensive use of hijacked domains | ||
Details | Website | 2017-02-13 | 3 | When even Process Monitor isn’t enough |