This PowerShell module detects artifacts that may indicate UNC2452 and other threat actor activity.


  1. Signing Certificate with an Unusual Validity Period
  2. Inconsistent Signature Certificate
  3. Azure Active Directory Backdoor (any.sts)
  4. Federated Domains
  5. Domains That Haven’t Been Confirmed

Disclaimer: This tool is intended strictly for educational use and should not be used for any other purpose.

Download link:
