From 97b4078d018d09118aaaaa3705cfa9a88e2f71c5 Mon Sep 17 00:00:00 2001 From: Omer Yampel Date: Sat, 4 Mar 2017 20:26:39 -0500 Subject: [PATCH] Update powershell_malicious_commandlets.yml Added https://github.com/putterpanda/mimikittenz reference --- rules/windows/powershell/powershell_malicious_commandlets.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/powershell/powershell_malicious_commandlets.yml b/rules/windows/powershell/powershell_malicious_commandlets.yml index 672b5daef..d78ba91af 100644 --- a/rules/windows/powershell/powershell_malicious_commandlets.yml +++ b/rules/windows/powershell/powershell_malicious_commandlets.yml @@ -114,6 +114,7 @@ detection: - Invoke-PortScan - Invoke-ReverseDNSLookup - Invoke-SMBScanner + - Invoke-Mimikittenz condition: keywords falsepositives: - Penetration testing
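Review bot: The https://github.com/putterpanda/mimikittenz URL named in the commit message does not appear in the change itself: the single added line, `- Invoke-Mimikittenz` after `- Invoke-SMBScanner`, only extends the keyword list. If the rule file carries a references list, add the URL there in the same commit so the source of the keyword is recorded in the rule and not only in git history. If the intent was only to add the keyword, reword the commit message to say so (for example "Add Invoke-Mimikittenz keyword"). Since `condition: keywords` matches on the bare string, the existing "Penetration testing" false-positive entry also covers this new keyword and needs no change.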