Malicious PowerShell Scripts - PoshModule

Rule Info

Name
Malicious PowerShell Scripts - PoshModule
Description
Detects the execution of known offensive powershell scripts used for exploitation or reconnaissance
Reference
https://github.com/PowerShellMafia/PowerSploit
Modified
None
Date
2023-01-23 00:00:00
Author
frack113, Nasreddine Bencherchali
Tags
attack.execution DEMO attack.t1059.001
Id
41025fd7-0466-4650-a813-574aaacbe7f4
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=41025fd7-0466-4650-a813-574aaacbe7f4

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
9a03e4e13
fix: fp found in testing
2023-01-24
Nasreddine Bencherchali
dfdc232f5
fix: optimize "Invoke-Sharp" coverage
2023-01-21
Nasreddine Bencherchali
ea536c33b
feat: update and merge some pwsh rules
2023-01-20
Nasreddine Bencherchali
85fb255bc
feat: new rules and updates
2023-01-17
Nasreddine Bencherchali
81f75c1d2
feat: updates and enhancements
2023-01-10
Nasreddine Bencherchali
7e73028c5
feat: updates and enhancements
2023-01-06
Nasreddine Bencherchali
711ba956e
feat: updates and enhancements
2023-01-04
Nasreddine Bencherchali
a99b5082e
feat: updates and enhancements
2023-01-02
Nasreddine Bencherchali
a25027fef
fix: rename links from old repo to SigmaHQ
2022-12-27
gs3cl
122cb47d7
Gs3cl patch 1 (#3753)
2022-12-05
Mustafa Kaan Demir
27822a082
DomainPasswordSpray Attacks Rule
2022-10-29
frack113
fac673282
Order yaml field
2022-10-26
Nasreddine Bencherchali
ada112144
Add Office Token Stealing Rules
2022-10-25
frack113
3cc42cfe6
Move file category rules
2022-10-13
Nasreddine Bencherchali
2ecf9ec7e
Updates
2022-10-04
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022