valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rule: minor improvement to susp ps enc cmd

Browse Source
This commit is contained in:
Florian Roth 2019-09-04 16:31:49 +02:00
parent 03d45d57de
commit 7bef822da7
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
View File

@ -22,6 +22,7 @@ detection:
- '* -e JAB*'
- '* -e JAB*'
- '* -enc JAB*'
- '* -enco JAB*'
- '* -encodedcommand JAB*'
- '* BA^J e-'
- '* -e SUVYI*'