Hoaxshell Encoded Payload - PowerShell

Rule Info

Name
Hoaxshell Encoded Payload - PowerShell
Author
Nasreddine Bencherchali
Description
Detects the encoded payload of hoaxshell, an unconventional Windows reverse shell via PowerShell scriptblock logging
Reference
https://github.com/t3l3machus/hoaxshell/
Date
2022-10-20 00:00:00
Modified
2023-03-29 00:00:00
Id
4ee6b667-1e91-42eb-a70d-d5a252766c72
Tags
attack.defense-evasion attack.execution attack.t1059
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022