Rule Info
Name
SUSP_PS1_AES_Managed_Jan22_1
Author
Florian Roth
Description
Detects suspicious use of System.Security.Cryptography.AesManaged in PowerShell scripts
Score
55
Reference
Internal Research
Date
2022-01-21
Modified
2023-10-27
Minimum Yara
1.7
Rule Hash
175930c4a2414969fc7841729c84c6c0
Tags
['SUSP', 'SCRIPT', 'T1059_001']
Required Modules
[]
Virustotal Matches
Antivirus Verdicts
Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
0
Clean (0 engines)
0