Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Suspicious PowerShell Execution

High Open
ALR-00067 · 2026-04-11T14:20:59Z

Description

Encoded PowerShell command executed on SRV-BACKUP-01 by user 'd.walker'. Command attempts to download and execute remote payload. Flagged by DecoyPulse.

Alert Metadata

Alert ID: ALR-00067
Timestamp: 2026-04-11T14:20:59Z
Severity: High
Status: Open
Detection Source: DecoyPulse
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: d.walker
Source IP: 194.249.62.235
Destination IP: 10.2.159.235
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Execution
Technique: T1059.001
Reference: attack.mitre.org/techniques/T1059.001

Investigation Timeline

14:20:59 Event ingested by SOC365 Engine
14:21:04 EmilyAI triage started — correlation enrichment
14:21:09 EmilyAI confidence: 91% — escalated to human analyst
14:21:20 Alert assigned to analyst: Anika Patel
14:22:49 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID        | Time   | Alert                           | Severity      | Status        | Host
ALR-00386 | 11m ago | Malware Signature Match         | Informational | Escalated     | SRV-BACKUP-01
ALR-00258 | 23m ago | Lateral Movement Detected       | Informational | Open          | SRV-BACKUP-01
ALR-00313 | 1h ago  | Suspicious PowerShell Execution | Informational | Open          | SRV-BACKUP-01
ALR-00149 | 1h ago  | Suspicious PowerShell Execution | Low           | Investigating | SRV-BACKUP-01
ALR-00469 | 7h ago  | Suspicious PowerShell Execution | Informational | Escalated     | SRV-WEB-01