
Rule Info
Tags
attack.defense_evasion DEMO attack.lateral_movement
Modified
None
Author
Nasreddine Bencherchali (Nextron Systems)
Name
HackTool - Wmiexec Default Powershell Command
Description
Detects the execution of PowerShell with a specific flag sequence that is used by the Wmiexec script
Date
2023-03-08 00:00:00
Reference
Id
022eaba8-f0bf-4dd9-9217-4604b0bb3bb0
Type
Community Rule
Link to Public Repo