Skip to content

Hide Navigation Hide TOC

Bad Opsec Powershell Code Artifacts (8d31a8ce-46b5-4dd6-bdc3-680931f1db86)

focuses on trivial artifacts observed in variants of prevalent offensive ps1 payloads, including Cobalt Strike Beacon, PoshC2, Powerview, Letmein, Empire, Powersploit, and other attack payloads that often undergo minimal changes by attackers due to bad opsec.

Cluster A Galaxy A Cluster B Galaxy B Level
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Bad Opsec Powershell Code Artifacts (8d31a8ce-46b5-4dd6-bdc3-680931f1db86) Sigma-Rules 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2