Skip to content

Hide Navigation Hide TOC

Potential Data Exfiltration Activity Via CommandLine Tools (7d1aaf3d-4304-425c-b7c3-162055e0b3ab)

Detects the use of various CLI utilities exfiltrating data via web requests

Cluster A Galaxy A Cluster B Galaxy B Level
Potential Data Exfiltration Activity Via CommandLine Tools (7d1aaf3d-4304-425c-b7c3-162055e0b3ab) Sigma-Rules PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2