detection icon

Short bio

Exploit.T1059Execution is Malwarebytes’ detection name for the malicious abuse of powershell utilities.


Exploit.T1059Execution monitors, detects, and blocks the malicious abuse of powershell utilities. T1059 is a reference to the Mitre Att&ck technique Command and Scripting Interpreter: PowerShell. Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. PowerShell may also be used to download and run executables from the Internet, which can be executed from disk or in memory without touching disk.


Malwarebytes protects your system(s) by detecting attempts at malicious abuse of powershell utilities and displays the message T1059 – Execution

list of Exploit detections in Nebula