
Rule Info
Name
RedCurl Powershell Environment Variable
Author
X__Junior
Description
Detects PowerShell environment variable seen used by RedCurl APT
Date
2025-01-08 00:00:00
Modified
None
Id
c6cd3d21-95e5-4ece-80c6-205e14919051
Tags
attack.discovery
Type
Nextron Sigma feed only (private)