Update powershell_cmdline_specific_comb_methods.yml
@@ -16,12 +16,11 @@ logsource:
|
||||
product: windows
|
||||
detection:
|
||||
selection1:
|
||||
Image|endswith:
|
||||
- '\powershell.exe'
|
||||
Image|endswith: '\powershell.exe'
|
||||
selection2:
|
||||
CommandLine|contains|all:
|
||||
- 'char'
|
||||
- 'joint'
|
||||
CommandLine|all:
|
||||
- '*char*'
|
||||
- '*joint*'
|
||||
selection3:
|
||||
CommandLine|contains:
|
||||
- 'ToInt'
|
||||
@@ -35,13 +34,13 @@ detection:
|
||||
- 'ToString'
|
||||
- 'String'
|
||||
selection5:
|
||||
CommandLine|contains|all:
|
||||
- 'split'
|
||||
- 'join'
|
||||
CommandLine|all:
|
||||
- '*split*'
|
||||
- '*join*'
|
||||
selection6:
|
||||
CommandLine|contains|all:
|
||||
- 'ForEach'
|
||||
- 'Xor'
|
||||
CommandLine|all:
|
||||
- '*ForEach*'
|
||||
- '*Xor*'
|
||||
selection7:
|
||||
CommandLine|contains:
|
||||
- 'cOnvErTTO-SECUreStRIng'
|
||||
|
||||
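Review bot: In selection2 the second keyword is `joint`, which looks like a typo for `join`: PowerShell's operator is `-join` and selection5 already uses `join`, so a `[char]`…`-join` command line would match only when the text after `join` happens to start with `t`. The value is the same in both forms shown in the first hunk, so this commit does not address it; I would change it to `- 'join'` (or `- '*join*'` in the wildcard form). Separately, selection1 matches only `Image|endswith: '\powershell.exe'`, so the same command lines run under PowerShell 7's `pwsh.exe` are not covered; consider a list that also includes `'\pwsh.exe'`. The rendered page has lost the +/- markers, so I have not assumed which modifier form (`contains|all` or `|all` with wildcards) is the new side.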