Intel Name: Suspicious invoke-webrequest execution
Date of Scan: January 17, 2025
Impact: Medium
Summary: “Suspicious Invoke-WebRequest Execution” refers to the detection of an unusual use of the Invoke-WebRequest cmdlet, a PowerShell command typically used to send HTTP requests. The suspicion arises when the output of the command is directed to a suspicious location, which may indicate malicious intent, such as downloading or exfiltrating data to an unauthorized location. This behavior could be a sign of a cyberattack or unauthorized activity.