Hey guys,
looking into Fileless Malware, I can’t find any details on how exactly the malware is downloading PowerShell if it is not present on the victim’s system? I’ve already read quite a few articles about FM but didn’t find an answer to my question, hence asking here. They usually just say that the malware is downloading PowerShell, but not exactly how it’s done.
Would CIS HIPS catch this? Do they use BITS? Can’t find any details.
Thanks guys,
Regards