Mandiant-Azure-AD-Investigator – PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity
This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are “high-fidelity” indicators of compromise, while other artifacts are so called “dual-use” artif…