Merge PR #4693 from @qasimqlf - Update selection to remove overlap

chore: PowerShell ShellCode - Remove "selection" as it was overlapping with "selection2"
2024-01-26 16:19:13 +05:00
parent 24f3228138
commit 7a4eb6cb58
1 changed files with 2 additions and 4 deletions
@@ -6,7 +6,7 @@ references:
    - https://twitter.com/cyb3rops/status/1063072865992523776
 author: David Ledbetter (shellcode), Florian Roth (Nextron Systems)
 date: 2018/11/17
-modified: 2022/12/25
+modified: 2024/01/25
 tags:
    - attack.defense_evasion
    - attack.privilege_escalation
@@ -19,12 +19,10 @@ logsource:
    definition: 'Requirements: Script Block Logging must be enabled'
 detection:
    selection:
-        ScriptBlockText|contains: 'AAAAYInlM'
-    selection2:
        ScriptBlockText|contains:
            - 'OiCAAAAYInlM'
            - 'OiJAAAAYInlM'
-    condition: selection and selection2
+    condition: selection
 falsepositives:
    - Unknown
 level: high