Hide Navigation Hide TOC HackTool - Jlaive In-Memory Assembly Execution (0a99eb3e-1617-41bd-b095-13dc767f3def) Detects the use of Jlaive to execute assemblies in a copied PowerShell Cluster A Galaxy A Cluster B Galaxy B Level Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HackTool - Jlaive In-Memory Assembly Execution (0a99eb3e-1617-41bd-b095-13dc767f3def) Sigma-Rules 1 Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2