valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update powershell_invoke_obfuscation_via_use_rundll32.yml

Browse Source
This commit is contained in:
Nikita Nazarov 2020-10-08 17:45:07 +03:00 committed by GitHub
parent 3ba4eeac7b
commit b4377ed632
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/powershell/powershell_invoke_obfuscation_via_use_rundll32.yml
View File

@ -4,7 +4,7 @@ description: Detects Obfuscated Powershell via use Rundll32 in Scripts
status: experimental status: experimental
author: Nikita Nazarov, oscd.community author: Nikita Nazarov, oscd.community
date: 2019/10/08 date: 2019/10/08
references: -https://github.com/Neo23x0/sigma/issues/1009 references: - https://github.com/Neo23x0/sigma/issues/1009
tags: tags:
- attack.defense_evasion - attack.defense_evasion
- attack.t1027 - attack.t1027