Suspicious Invoke-WebRequest Execution With DirectIP (1edff897-9146-48d2-9066-52e8d8f80a2f)
Detects calls to PowerShell with Invoke-WebRequest cmdlet using direct IP access
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Suspicious Invoke-WebRequest Execution With DirectIP (1edff897-9146-48d2-9066-52e8d8f80a2f) | Sigma-Rules | 1 |