Malicious PowerShell Commandlets - PoshModule

Rule Info

Name: Malicious PowerShell Commandlets - PoshModule
Description: Detects Commandlet names from well-known PowerShell exploitation frameworks
Modified: 2023-01-23 00:00:00
Date: 2023-01-20 00:00:00
Author: Nasreddine Bencherchali (Nextron Systems)
Tags: attack.t1087.002 attack.execution attack.t1069.002 attack.t1482 attack.t1059.001 attack.t1087.001 attack.t1069.001 attack.discovery attack.t1069 attack.t1087 DEMO
Id: 7d0d0329-0ef1-4e84-a9f5-49500f9d7c6c
Type: Community Rule

Rule History

| Author | Commit | Title | Date |
|---|---|---|---|
| Nasreddine Bencherchali | | chore: add nextron authors tag | 2023-02-01 |
| Nasreddine Bencherchali | | fix: fp found in testing | 2023-01-24 |
| Nasreddine Bencherchali | | fix: fp with powercat | 2023-01-21 |
| Nasreddine Bencherchali | | fix: optimize "Invoke-Sharp" coverage | 2023-01-21 |
| Nasreddine Bencherchali | | feat: update and merge some pwsh rules | 2023-01-20 |
| Nasreddine Bencherchali | | feat: new rules and updates | 2023-01-17 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-10 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-06 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-04 |
| Nasreddine Bencherchali | | fix: add missing date | 2023-01-02 |
| Nasreddine Bencherchali | | feat: updates and enhancements | 2023-01-02 |
| Nasreddine Bencherchali | | fix: rename links from old repo to SigmaHQ | 2022-12-27 |
| gs3cl | | Gs3cl patch 1 (#3753) | 2022-12-05 |
| Mustafa Kaan Demir | | DomainPasswordSpray Attacks Rule | 2022-10-29 |
| frack113 | | Order yaml field | 2022-10-26 |