Powershell.Payload.Web.Delivery
Description
This indicates an attempt to establish a remote connection to a target Windows machine with PowerShell installed.
An attacker can input commands to the targeted Windows machine and download and execute a payload on it. This attack vector does not write to disk, so it is unlikely to trigger AV solutions, and it will cause local privilege escalations.
Affected Products
Windows x86 with PowerShell installed
Windows x64 with PowerShell installed
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
We are currently unaware of any vendor-supplied patch for this issue.
Coverage
IPS (Regular DB)
IPS (Extended DB)