Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Powercat is a PowerShell implementation of netcat. Whilst it can be used as a legitimate administrative tool it can be abused by attackers to exfiltrate data. This query looks for command line activity downloading PowerCat.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 4846436d-5183-4a33-a975-fc892ffea91d |
| Tactics | Exfiltration |
| Techniques | T1011 |
| Required Connectors | SecurityEvents |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/ASimProcess/imProcess_PowerCatDownload.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊