HackTool - Wmiexec Default Powershell Command

Rule Info

Tags: attack.defense_evasion DEMO attack.lateral_movement
Modified: None
Author: Nasreddine Bencherchali (Nextron Systems)
Name: HackTool - Wmiexec Default Powershell Command
Description: Detects the execution of PowerShell with a specific flag sequence that is used by the Wmiexec script
Date: 2023-03-08 00:00:00
Id: 022eaba8-f0bf-4dd9-9217-4604b0bb3bb0
Type: Community Rule

Rule History

Commit | Date | Author | Title
 | 2023-03-13 | Nasreddine Bencherchali | fix: apply suggestions from code review
 | 2023-03-09 | Nasreddine Bencherchali | feat: update and fixes