Mandiant-Azure-AD-Investigator repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are “high-fidelity” indicators of compromise, while other artifacts are so called “dual-use” artifacts. Dual-use artifacts may be related to threat actor activity, but also may be related to legitimate functionality. Analysis and verification …
Continue reading “Mandiant-Azure-AD-Investigator : PowerShell module for detecting artifacts”