Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6)

Detects Commandlet names from well-known PowerShell exploitation frameworks

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 1 |
| Malicious PowerShell Commandlets - ScriptBlock (89819aa4-bbd6-46bc-88ec-c7f7fe30efa6) | Sigma-Rules | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 1 |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |
| Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 2 |