Monitor file changes in Windows with PowerShell and pswatch
Tags
attack-pattern: Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Tool - T1588.002 Powershell - T1086 Third-Party Software - T1072
Show in Graph
Common Information
Type Value
UUID db7584e2-df07-4ca9-92cd-74d3f463fd88
Fingerprint 56ab8a2ae9a025c0
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 1, 2019, 8:02 p.m.
Added to db Jan. 18, 2023, 8:02 p.m.
Last updated Nov. 19, 2024, 6:54 p.m.
Headline Monitor file changes in Windows with PowerShell and pswatch
Title Monitor file changes in Windows with PowerShell and pswatch
Detected Hints/Tags/Attributes 14/1/8
Source URLs
Redirection Url
Details Source https://4sysops.com/archives/monitor-file-changes-in-windows-with-powershell-and-pswatch/
URL Provider
Details Provider Source level domain
Details 4sysops.com 4sysops.com
Attributes
Details Type #Events CTI Value
Details Domain 228 
system.io
Details Domain 319 
bit.ly
Details Domain 107 
domain.com
Details Domain 2 
smtp.domain.com
Details Email 1 
alerts@domain.com
Details Email 1 
dan@domain.com
Details File 1 
c:\examplefolder\test\newfile.txt
Details Url 1 
http://bit.ly/install-pswatch