Red Canary vs. PoshRAT
Common Information
Type Value
UUID 4537c0dc-7620-4179-b2ab-af3b4295b5da
Fingerprint b4818d85bb74814f
Analysis status DONE
Considered CTI value 0
Text language
Published June 7, 2022, midnight
Added to db Jan. 18, 2023, 10:12 p.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline Red Canary vs. PoshRAT: Detection in the Absence of Malware
Title Red Canary vs. PoshRAT
Detected Hints/Tags/Attributes 32/1/5
Attributes
Details Type #Events CTI Value
Details File 1212 powershell.exe
Details File 76 netsh.exe
Details File 1122 svchost.exe
Details File 457 mshta.exe
Details File 2130 cmd.exe