diff --git a/rules/proxy/proxy_powershell_download_webdav.yml b/rules/proxy/proxy_powershell_download_webdav.yml
new file mode 100644
index 000000000..2d428561c
--- /dev/null
+++ b/rules/proxy/proxy_powershell_download_webdav.yml
@@ -0,0 +1,21 @@
+title: Windows PowerShell WebDav User Agent
+status: experimental
+description: Detects Windows PowerShell Web Access
+references:
+ - https://mgreen27.github.io/posts/2018/04/02/DownloadCradle.html
+author: Florian Roth
+date: 2018/04/06
+logsource:
+ category: proxy
+detection:
+ selection:
+ UserAgent: 'Microsoft-WebDAV-MiniRedir/*'
+ condition: selection
+fields:
+ - ClientIP
+ - URL
+ - UserAgent
+falsepositives:
+ - Administrative scripts that download files from the Internet
+ - Administrative scripts that retrieve certain website contents
+level: high
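Review bot: The `description` does not match what the rule detects: "Windows PowerShell Web Access" is a separate Windows feature (the PSWA gateway), whereas the selection on `UserAgent: 'Microsoft-WebDAV-MiniRedir/*'` matches the user agent of the Windows WebDAV Mini-Redirector client, which as far as I know is emitted by any redirector-based WebDAV access, not only by PowerShell download cradles. I would change it to `description: Detects the user agent of the Windows WebDAV Mini-Redirector client, which appears in proxy logs when a file is fetched from a WebDAV share, e.g. by a PowerShell download cradle (see reference)`. Because that client is also used by legitimate WebDAV shares (SharePoint, document-management systems), the `falsepositives` list should mention WebDAV shares and collaboration services explicitly, and `level: high` looks strong for a plain user-agent match with no URL or destination constraint; `medium` with a note that the analyst should check the destination host would fit the likely noise better. The `date` value is in the Sigma `yyyy/mm/dd` form and the wildcard string is quoted, so the YAML itself parses as intended.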