Skip to content

Hide Navigation Hide TOC

Bad Opsec Powershell Code Artifacts (8d31a8ce-46b5-4dd6-bdc3-680931f1db86)

focuses on trivial artifacts observed in variants of prevalent offensive ps1 payloads, including Cobalt Strike Beacon, PoshC2, Powerview, Letmein, Empire, Powersploit, and other attack payloads that often undergo minimal changes by attackers due to bad opsec.

Cluster A Galaxy A Cluster B Galaxy B Level
Bad Opsec Powershell Code Artifacts (8d31a8ce-46b5-4dd6-bdc3-680931f1db86) Sigma-Rules PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2