Suspicious Marker In PowerShell

Rule Info

Name
Suspicious Marker In PowerShell
Author
X__Junior
Description
Detects a suspicious marker used to identify the beginning and ending of a base64 encoded blob
Date
2025-01-13 00:00:00
Modified
None
Id
8ef29786-ddf0-4d40-a569-9f78203dadfb
Tags
attack.discovery
Type
Nextron Sigma feed only (private)

Rule History