Poweliks - downloading powershell

Learn about Computer Security General Security Questions and Comments
1

Hey guys,
looking into Fileless Malware, I can’t find any details how exactly the malware is downloading powershell if it is not present on the victim’s system ? I’ve already read quite articles about FM but didn’t find an answer to my question, hence asking here. They usually just say that the malware is downloading powershell, but not exactly how it’s done.
Would CIS HIPS catch this ? Do they use BITS ? Can’t find any details.

Thanks guys,
Regards

2
I can't find any details how exactly the malware is downloading powershell if it is not present on the victim's system

I can explain it, but its way too much to write. 2 ways to get infected. its either the memory or harddrive. sometimes malicious instructions are hidden in the registry too

Would CIS HIPS catch this ?
yes and also itll get sand boxed :)
Do they use BITS
threes too many different ways besides BITS
3

Thanks Jay !