PowerShell Script With LDAP Query Capabilities

Rule Info

Name
PowerShell Script With LDAP Query Capabilities
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of a PowerShell script that leverage the "ActiveDirectory" .NET class for potential LDAP reconnaissance activity.
Reference
https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html
Date
2024-02-28 00:00:00
Modified
None
Id
6072018f-fdf7-4588-9ddd-d708af11d63f
Tags
attack.discovery attack.t1018
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022