Detecting Command and Control in RSA NetWitness: PowerShell Empire
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 389f7fa9-155a-4d3e-9e37-99d9f7e97ad5
Fingerprint fe579b508337ac51
Analysis status DONE
Considered CTI value 1
Text language
Published April 5, 2019, 9:19 a.m.
Added to db Jan. 18, 2023, 9:24 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline NetWitness Community
Title Detecting Command and Control in RSA NetWitness: PowerShell Empire
Detected Hints/Tags/Attributes 49/2/2
Source URLs
Redirection Url
Details Source https://community.rsa.com/community/products/netwitness/blog/2019/04/05/command-and-control-powershell-empire
URL Provider
Details Provider Source level domain
Details rsa.com community.rsa.com
Attributes
Details Type #Events CTI Value
Details Domain 61 
censys.io
Details Threat Actor Identifier - APT 297 
APT27