Product
high
advisory
Windows Hosts Querying Abused Web Services
2 rules 1 TTP 33 IOCsSuspicious processes on Windows hosts are making DNS queries to known, abused web services such as text-paste sites, file sharing platforms, and tunneling services, potentially indicating malware downloading or command and control activity.
Microsoft Windows +4
abused-web-services
command-and-control
windows
2r
1t
33i
medium
advisory
Potential PowerShell Obfuscated Script via High Entropy
2 rules 3 TTPsThis rule detects potential PowerShell obfuscated scripts by identifying script blocks with high entropy and non-uniform character distributions, which attackers use to evade signature-based detections.
Microsoft Windows +1
powershell
obfuscation
defense_evasion
windows
2r
3t