valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed rule

Browse Source
This commit is contained in:
Thomas Patzke 2018-10-18 16:20:51 +02:00
parent a2da73053d
commit ff98991c80
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/windows/powershell/powershell_xor_commandline.yml
View File

@ -1,3 +1,4 @@
action: global
title: Suspicious Encoded PowerShell Command Line
description: Detects suspicious powershell process which includes bxor command, alternatvide obfuscation method to b64 encoded commands.
status: experimental