==================================================

CREATED: WIN-POWERSHELL-BASE64-METHOD (#1887)

Description

This detector identifies use of .NET base64 methods in PowerShell. Attackers often use these methods to obfuscate malicious code on an endpoint.

ATT&CK Technique T1086
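
Added example (not the vendor's detector logic): a minimal sketch of this kind of check run over process-start events. It goes one step beyond the description by also looking inside -EncodedCommand arguments. The event fields process_path and command_line, the helper names, and the sample events are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Static base64 members of the .NET System.Convert class, matched case-insensitively,
# with or without the "System." namespace prefix.
B64_METHOD = re.compile(
    r"\[\s*(?:System\.)?Convert\s*\]\s*::\s*(?:From|To)Base64(?:String|CharArray)",
    re.IGNORECASE,
)
POWERSHELL_IMAGE = re.compile(r"(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$", re.IGNORECASE)
# A dash parameter starting with "e", followed by a base64-looking argument.
ENCODED_ARG = re.compile(r"(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/]+={0,2})", re.IGNORECASE)

def decoded_commands(command_line):
    """Yield script text carried in -EncodedCommand arguments (base64 of UTF-16LE)."""
    for flag, blob in ENCODED_ARG.findall(command_line):
        flag = flag.lower()
        # Treat -ec and any prefix of "encodedcommand" (-e, -enc, ...) as the parameter.
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue
        try:
            yield base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not a decodable encoded command; skip it

def detect_base64_method(event):
    """Return the .NET base64 calls found in one process-start event (hypothetical schema)."""
    if not POWERSHELL_IMAGE.search(event["process_path"]):
        return []
    texts = [event["command_line"], *decoded_commands(event["command_line"])]
    return [m.group(0) for text in texts for m in B64_METHOD.finditer(text)]

def _enc(script):
    """Build an -EncodedCommand value for the constructed samples below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"process_path": PS, "command_line": "powershell.exe -NoProfile -Command "
     "[Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aGVsbG8='))"},
    {"process_path": PS, "command_line": "powershell.exe -enc "
     + _enc("[convert]::tobase64string([byte[]](1,2,3))")},
    {"process_path": PS, "command_line": "powershell.exe -ExecutionPolicy Bypass -File a.ps1"},
    {"process_path": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c echo [Convert]::FromBase64String"},
]
```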

==================================================

CREATED: OSX-SINGLE-LETTER-PROCESS-EXECUTION (#1899)

Description

This detector identifies single-letter processes executing on macOS. Execution of these binaries is commonly seen with Shlayer malware.
