Potential DLL File Download Via PowerShell Invoke-WebRequest

Rule Info

Name
Potential DLL File Download Via PowerShell Invoke-WebRequest
Author
Florian Roth (Nextron Systems), Hieu Tran
Description
Detects potential DLL files being downloaded using the PowerShell Invoke-WebRequest cmdlet
Reference
https://www.zscaler.com/blogs/security-research/onenote-growing-threat-malware-distribution
Date
2023-03-13 00:00:00
Modified
None
Id
0f0450f3-8b47-441e-a31b-15a91dc243e2
Tags
attack.command-and-control attack.execution attack.t1059.001 attack.t1105
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=0f0450f3-8b47-441e-a31b-15a91dc243e2

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4700 from @nasbench - Promote older rules status from `experimental` to `test`
2024-02-01
367ebd939
Tessa Georgen
Merge PR #4392 from @tjgeorgen - Update MITRE Tags
2023-08-28
60b8e9b70
Hieu Tran
feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111)
2023-03-17
0e934bd4b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022