PowerShell Script With File Hostname Resolving Capabilities (fbc5e92f-3044-4e73-a5c6-1c4359b539de)
Detects PowerShell scripts that have capabilities to read files, loop through them and resolve DNS host entries.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| PowerShell Script With File Hostname Resolving Capabilities (fbc5e92f-3044-4e73-a5c6-1c4359b539de) | Sigma-Rules | Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) | Attack Pattern | 1 |