MALWARE-CNC Win.Trojan.Autophyte dropper variant outbound connection
This event is generated when a compromised internal PC reaches out to grab mainls.cs, a PowerShell script that downloads additional malware.
Autophyte's dropper, also known as PowerSpritz, is a downloader that renames itself to something innocuous on the user's system, downloads an additional payload, and deletes itself when its objective is complete.
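The following is an added example, not Talos code or the rule itself: a small log-review script that applies the indicator named above (an outbound request for mainls.cs) to proxy records, so an analyst can find which internal hosts fetched the script. The log format, the sample lines, and the IP addresses are constructed for the example; the only detail taken from the description is the filename.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample proxy log lines (not real traffic). The format assumed
# here is: timestamp src_ip method url status "user_agent".
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET http://example.invalid/index.html 200 "Mozilla/5.0"
2024-01-01T10:00:07Z 10.0.0.12 GET http://203.0.113.7/mainls.cs 200 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2024-01-01T10:00:09Z 10.0.0.12 GET http://203.0.113.7/MAINLS.CS?x=1 200 "WindowsPowerShell/5.1"
2024-01-01T10:00:15Z 10.0.0.8 GET http://example.invalid/mainls.css 200 "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

# Filename named in the Talos description of this event.
SUSPICIOUS_FILENAME = "mainls.cs"


@dataclass(frozen=True)
class Alert:
    timestamp: str
    src_ip: str
    url: str
    reason: str


def is_autophyte_fetch(url: str) -> bool:
    """True when the last path segment of the URL is mainls.cs.

    The comparison is case-insensitive and ignores the query string, but it
    is an exact filename match, so a lookalike such as mainls.css does not
    trigger.
    """
    path = urlparse(url).path
    filename = path.rsplit("/", 1)[-1]
    return filename.lower() == SUSPICIOUS_FILENAME


def scan_log(text: str) -> list[Alert]:
    """Parse each log line and return one Alert per matching request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts, src, _method, url, _status, _ua = m.groups()
        if is_autophyte_fetch(url):
            alerts.append(Alert(ts, src, url,
                                "outbound request for mainls.cs "
                                "(Autophyte dropper indicator)"))
    return alerts


def affected_hosts(alerts: list[Alert]) -> list[str]:
    """Distinct internal source IPs that should be triaged."""
    return sorted({a.src_ip for a in alerts})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f"{a.timestamp} {a.src_ip} -> {a.url}: {a.reason}")
    print("hosts to triage:", affected_hosts(found))
```

Matching on the exact filename rather than a substring keeps benign requests such as a stylesheet named mainls.css out of the result; the host list is what an analyst would hand to the incident response process the remediation section refers to.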
Ease of attack
Please follow corporate mitigation practices.
- Cisco's Talos Intelligence Group