Nslookup PowerShell Download Cradle

Rule Info

Name
Nslookup PowerShell Download Cradle
Author
Sai Prashanth Pulisetti @pulisettis, Aishwarya Singam
Description
Detects a powershell download cradle using nslookup. This cradle uses nslookup to extract payloads from DNS records.
Reference
https://twitter.com/Alh4zr3d/status/1566489367232651264
Date
2022-12-10 00:00:00
Modified
2025-02-25 00:00:00
Id
999bff6d-dc15-44c9-9f5c-e1051bfc86e1
Tags
attack.execution attack.t1059.001
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=999bff6d-dc15-44c9-9f5c-e1051bfc86e1

Rule History

Author
Title
Date
Commit
Hannes Widéen
Merge PR #5211 from @HannesWid - Update `Nslookup PowerShell Download Cradle`
2025-03-05
54496e2e0
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Fukusuke Takahashi
Merge PR #4519 from @fukusuket - Update PowerShell Classic Rule To Use `Data` Field
2023-10-28
587da70c9
frack113
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17
020fc8061
sai prashanth pulisetti
feat: add co-author to posh_pc_abuse_nslookup_with_dns_records.yml (#4079)
2023-02-27
46ed735d4
Nasreddine Bencherchali
fix: enhance logic and severity
2022-12-19
025c1a4aa
sai prashanth pulisetti
Create Abuse Nslookup with DNS Records (#3773)
2022-12-12
5a46cd3ef
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022