McL0vinn/MicrosoftDefender-DiscordCNC

Threat-Hunting KQL query which identifies machines that utilize powershell, cmd or wmic to connect to any URL that includes “cdn.discordapp.com” ,where the action was initiated by a script execution ( .vbs , .bat etc)

Watchers

McL0vinn