https://w3nch.github.io/categories/malware--endpoint/Recent content in Malware & Endpoint on Hello w3nchHugo -- gohugo.ioen-usTue, 03 Feb 2026 00:00:00 +0000https://w3nch.github.io/writeups/letsdefend/alerts/soc153---suspicious-powershell-script-executedname/Tue, 03 Feb 2026 00:00:00 +0000https://w3nch.github.io/writeups/letsdefend/alerts/soc153---suspicious-powershell-script-executedname/Event ID: 238 Rule Name: SOC153 – Suspicious PowerShell Script Executed Severity: HIGH Category: Endpoint Compromise / Malware Event Time: March 14, 2024 – 05:23 PM Compromised Host: Tony (172.16.17.206) Tony at work opened a suspicious file they probably shouldn’t have. It was like finding a strange USB drive in the parking lot and plugging it into your computer you don’t know what’s on it, but it starts doing things automatically.