Tag
medium
advisory
Suspicious PowerShell Execution via Windows Script Host
2 rules, 4 TTPs
Detection of PowerShell processes launched by cscript.exe or wscript.exe, indicative of potential malicious initial access or execution attempts.
Microsoft Defender XDR +2
initial-access
execution
windows
powershell
script
high
threat
Suspicious Script Execution from Temporary Directory
2 rules, 1 TTP
This brief covers a detection for suspicious script execution, such as PowerShell, WScript, or MSHTA, originating from common temporary directories, potentially indicating malware activity.
exploited
Windows
execution
script
temp