Show in Graph
Common Information
Type Value
Value 
PowerShell - T1059.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.(Citation: TechNet PowerShell) Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the <code>Start-Process</code> cmdlet which can be used to run an executable and the <code>Invoke-Command</code> cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems). PowerShell may also be used to download and run executables from the Internet, which can be executed from disk or in memory without touching disk. A number of PowerShell-based offensive testing tools are available, including [Empire](https://attack.mitre.org/software/S0363), [PowerSploit](https://attack.mitre.org/software/S0194), [PoshC2](https://attack.mitre.org/software/S0378), and PSAttack.(Citation: Github PSAttack) PowerShell commands/scripts can also be executed without directly invoking the <code>powershell.exe</code> binary through interfaces to PowerShell's underlying <code>System.Management.Automation</code> assembly DLL exposed through the .NET framework and Windows Common Language Interface (CLI).(Citation: Sixdub PowerPick Jan 2016)(Citation: SilentBreak Offensive PS Dec 2015)(Citation: Microsoft PSfromCsharp APR 2014)
Details Published Attributes CTI Title
Details Website 2024-11-05 5 Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials
Details Website 2024-11-05 2 ClickFix Exploits Users with Fake Errors and Malicious Code
Details Website 2024-11-05 0 How Black Basta used PowerShell to set up a Cobalt Strike beacon
Details Website 2024-11-05 3 Black Basta PowerShell script to establish a Cobalt Strike beacon
Details Website 2024-11-05 7 주간 탐지 룰(YARA, Snort) 정보 - 2024년 11월 1주차 - ASEC
Details Website 2024-11-05 7 Weekly Detection Rule (YARA and Snort) Information - Week 1, November 2024 - ASEC
Details Website 2024-11-05 1 Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe - SOC Prime
Details Website 2024-11-05 4 ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware
Details Website 2024-11-05 18 Hashing Basics | TryHackMe Walkthrough
Details Website 2024-11-05 3 新たなフィッシング攻撃でバックドアされたLinux VMにWindowsが感染 - PRSOL:CC
Details Website 2024-11-05 4 The Credential Abuse Cycle: Theft, Trade, and Exploitation - ReliaQuest
Details Website 2024-11-05 20 ClickFix tactic: Revenge of detection
Details Website 2024-11-05 0 Explosive Leaks! LoyLap and Grayscale Under Attack: New Threats on the Dark Web
Details Website 2024-11-05 59 Fancy Bear (APT28) APT IOCs - Part 11 - SEC-1275-1
Details Website 2024-11-05 28 Уклонение от EDR раскрывает инструментарий злоумышленников - SEC-1275-1
Details Website 2024-11-05 5 Embargo Ransomware IOCs - Part 2 - SEC-1275-1
Details Website 2024-11-05 99 Strela Stealer IOCs - Part 5 - SEC-1275-1
Details Website 2024-11-05 36 Akira Ransomware IOCs - Part 8 - SEC-1275-1
Details Website 2024-11-05 13 Lumma Stealer IOCs - Part 9 - SEC-1275-1
Details Website 2024-11-04 72 Silent Skimmer Gets Loud (Again)
Details Website 2024-11-04 31 TryHackMe Tempest Writeup
Details Website 2024-11-04 0 Windows Fundamentals 1 | TryHackMe Walkthrough
Details Website 2024-11-04 3 THREAT ANALYSIS: PROMETEI BOTNET
Details Website 2024-11-04 2 SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins
Details Website 2024-11-04 1 Hackers Downgrading Remote Desktop Security Setting For Unauthorized Access