Suspicious TCP Tunnel Via PowerShell Script (bd33d2aa-497e-4651-9893-5c5364646595)
Detects powershell scripts that creates sockets/listeners which could be indicative of tunneling activity
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level | 
|---|---|---|---|---|
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | Suspicious TCP Tunnel Via PowerShell Script (bd33d2aa-497e-4651-9893-5c5364646595) | Sigma-Rules | 1 |