Suspicious Invoke-WebRequest Execution

Intel Name: Suspicious Invoke-WebRequest Execution

Date of Scan: January 17, 2025

Impact: Medium

Summary:
“Suspicious Invoke-WebRequest Execution” refers to the detection of an unusual use of Invoke-WebRequest, a PowerShell cmdlet typically used to send HTTP requests. The detection triggers when the output of the command is directed to a suspicious location, which may indicate malicious intent, such as downloading data to, or exfiltrating data to, an unauthorized location. This behavior could be a sign of a cyberattack or other unauthorized activity.
