Potential Data Exfiltration Via Powershell

Rule Info

Name
Potential Data Exfiltration Via Powershell
Author
X__Junior
Description
Detects powershell commands that potentially performing data exfiltration.
Reference
https://www.esentire.com/blog/unraveling-the-many-stages-and-techniques-used-by-redcurl-earthkapre-apt
Date
2025-02-27 00:00:00
Modified
None
Id
5d1afc85-fd26-4efd-8a67-614ec0c28899
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022