Malicious PowerShell Commandlets - PoshModule

Rule Info

Name
Malicious PowerShell Commandlets - PoshModule
Description
Detects Commandlet names from well-known PowerShell exploitation frameworks
Reference
https://adsecurity.org/?p=2921
Modified
2023-01-23 00:00:00
Date
2023-01-20 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.t1087.002 attack.execution attack.t1069.002 attack.t1482 attack.t1059.001 attack.t1087.001 attack.t1069.001 attack.discovery attack.t1069 attack.t1087 DEMO
Id
7d0d0329-0ef1-4e84-a9f5-49500f9d7c6c
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=7d0d0329-0ef1-4e84-a9f5-49500f9d7c6c

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
7c38a5c49
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
9a03e4e13
fix: fp found in testing
2023-01-24
Nasreddine Bencherchali
ecaf89dd9
fix: fp with powercat
2023-01-21
Nasreddine Bencherchali
dfdc232f5
fix: optimize "Invoke-Sharp" coverage
2023-01-21
Nasreddine Bencherchali
ea536c33b
feat: update and merge some pwsh rules
2023-01-20
Nasreddine Bencherchali
85fb255bc
feat: new rules and updates
2023-01-17
Nasreddine Bencherchali
81f75c1d2
feat: updates and enhancements
2023-01-10
Nasreddine Bencherchali
7e73028c5
feat: updates and enhancements
2023-01-06
Nasreddine Bencherchali
711ba956e
feat: updates and enhancements
2023-01-04
Nasreddine Bencherchali
579b450d1
fix: add missing date
2023-01-02
Nasreddine Bencherchali
a99b5082e
feat: updates and enhancements
2023-01-02
Nasreddine Bencherchali
a25027fef
fix: rename links from old repo to SigmaHQ
2022-12-27
gs3cl
122cb47d7
Gs3cl patch 1 (#3753)
2022-12-05
Mustafa Kaan Demir
27822a082
DomainPasswordSpray Attacks Rule
2022-10-29
frack113
1e5ae09c4
Order yaml field
2022-10-26
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022