Malicious PowerShell Scripts - PoshModule

Rule Info

Name: Malicious PowerShell Scripts - PoshModule
Description: Detects the execution of known offensive PowerShell scripts used for exploitation or reconnaissance
Modified: None
Date: 2023-01-23 00:00:00
Author: frack113, Nasreddine Bencherchali
Tags: attack.execution DEMO attack.t1059.001
Id: 41025fd7-0466-4650-a813-574aaacbe7f4
Type: Community Rule

Rule History

| Author | Commit | Title | Date |
|---|---|---|---|
| Nasreddine Bencherchali | | fix: fp found in testing | 2023-01-24 |
| Nasreddine Bencherchali | | fix: optimize "Invoke-Sharp" coverage | 2023-01-21 |
| Nasreddine Bencherchali | | feat: update and merge some pwsh rules | 2023-01-20 |
| Nasreddine Bencherchali | | feat: new rules and updates | 2023-01-17 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-10 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-06 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-04 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-02 |
| Nasreddine Bencherchali | | fix: rename links from old repo to SigmaHQ | 2022-12-27 |
| gs3cl | | Gs3cl patch 1 (#3753) | 2022-12-05 |
| Mustafa Kaan Demir | | DomainPasswordSpray Attacks Rule | 2022-10-29 |
| frack113 | | Order yaml field | 2022-10-26 |
| Nasreddine Bencherchali | | Add Office Token Stealing Rules | 2022-10-25 |
| frack113 | | Move file category rules | 2022-10-13 |
| Nasreddine Bencherchali | | Updates | 2022-10-04 |