Invocation of crypto-classes from the “cryptography” PowerShell namespace

Intel Name: Invocation of crypto-classes from the “cryptography” PowerShell namespace

Date of Scan: October 3, 2024

Impact: Medium

Summary:
Identifies the execution of PowerShell commands that reference classes from the “System.Security.Cryptography” namespace. This namespace offers classes for real-time encryption and decryption, which can be used, for instance, to decrypt malicious payloads in order to evade detection. This malware continues to be one of the top ten infections we’ve detected in our clients’ network, primarily targeting the Education and Health sectors.
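A minimal sketch of the matching logic such a detection needs, added here as an illustration and not taken from the original rule. It assumes the input is script text from PowerShell script block logging (Event ID 4104, ScriptBlockText); the record layout, function names and sample events are constructed for the example.

```python
import re

NAMESPACE = r"System\.Security\.Cryptography"
# Fully qualified use, e.g. [System.Security.Cryptography.Aes]::Create() or
# New-Object System.Security.Cryptography.SHA256Managed. The capture keeps any
# sub-namespace (X509Certificates.X509Certificate2) together with the class.
QUALIFIED = re.compile(NAMESPACE + r"\.((?:[A-Za-z_]\w*\.)*[A-Za-z_]\w*)", re.I)
# "using namespace ..." lets later code use short class names, so the import
# itself is reported.
USING_NS = re.compile(r"\busing\s+namespace\s+" + NAMESPACE + r"\b", re.I)


def crypto_references(script_text):
    """Return sorted crypto class references, de-duplicated case-insensitively."""
    found = {}
    for match in QUALIFIED.finditer(script_text):
        found.setdefault(match.group(1).lower(), match.group(1))
    if USING_NS.search(script_text):
        found["<namespace import>"] = "<namespace import>"
    return sorted(found.values())


# Constructed sample records shaped like script block logging events;
# the field names here are assumptions made for this example.
SAMPLE_EVENTS = [
    {"record_id": 101, "script_block_text":
        "$a = New-Object System.Security.Cryptography.AesManaged; "
        "$a.Mode = [System.Security.Cryptography.CipherMode]::CBC"},
    {"record_id": 102, "script_block_text": "Get-ChildItem C:\\Temp | Sort-Object Length"},
    {"record_id": 103, "script_block_text":
        "using namespace system.security.cryptography\n$h = [SHA256]::Create()"},
    {"record_id": 104, "script_block_text":
        "[system.security.cryptography.x509certificates.x509certificate2]::new($p)"},
]


def scan(events):
    """Return (record_id, references) for each event that touches the namespace."""
    results = [(ev["record_id"], crypto_references(ev["script_block_text"])) for ev in events]
    return [(record_id, refs) for record_id, refs in results if refs]


if __name__ == "__main__":
    for record_id, refs in scan(SAMPLE_EVENTS):
        print(record_id, ", ".join(refs))
```

Legitimate administration scripts also use this namespace, for example to hash files, so a match is a triage lead to correlate with the parent process and script origin, not a verdict.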
