Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc)

Detects Commandlet names from well-known PowerShell exploitation frameworks

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 1 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | Malicious PowerShell Commandlets - ProcessCreation (02030f2f-6199-49ec-b258-ea71b07e03dc) | Sigma-Rules | 1 |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 2 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | 2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 2 |