System Infected: PowerShell Shell Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects PowerShell activity over the network.

Additional Information

Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework.

Multiple exploitation frameworks use PowerShell as one of their vectors for executing commands on a remote machine.

Affected

  • Various Windows Platforms.