
Rule Info
Name
HackTool - Wmiexec Default Powershell Command
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of PowerShell with a specific flag sequence that is used by the Wmiexec script
Reference
Date
2023-03-08 00:00:00
Modified
None
Id
022eaba8-f0bf-4dd9-9217-4604b0bb3bb0
Tags
attack.defense-evasion attack.lateral-movement
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
github-actions[bot]
Merge PR #4700 from @nasbench - Promote older rules status from `experimental` to `test`
2024-02-01