Update powershell_cmdline_specific_comb_methods.yml

2020-10-12 00:27:45 +03:00
parent 6f7475020a
commit 8d926dc303
1 changed files with 2 additions and 6 deletions
@@ -31,17 +31,13 @@ detection:
            - 'ToString'
            - 'String'
    selection4:
-        CommandLine|contains|all:
-            - 'split'
-            - 'join'
-    selection5:
        CommandLine|contains|all:
            - 'ForEach'
            - 'Xor'
-    selection6:
+    selection5:
        CommandLine|contains:
            - 'cOnvErTTO-SECUreStRIng'
-    condition: selection1 and ((selection2 and selection3) or selection4 or selection5 or selection5)
+    condition: selection1 and ((selection2 and selection3) or selection4 or selection5)
 falsepositives:
    - Unlikely
 level: high