Merge branch 'master' into nasbench-rule-devel

rules/windows/powershell/powershell_script/posh_ps_malicious_commandlets.yml

@@ -2,15 +2,18 @@ title: Malicious PowerShell Commandlets
 id: 89819aa4-bbd6-46bc-88ec-c7f7fe30efa6
 status: experimental
 description: Detects Commandlet names from well-known PowerShell exploitation frameworks
-author: Sean Metcalf (source), Florian Roth (rule), Bartlomiej Czyz @bczyz1 (update), oscd.community (update), Nasreddine Bencherchali (update), Tim Shelton (fp)
 references:
     - https://adsecurity.org/?p=2921
     - https://github.com/S3cur3Th1sSh1t/PowerSharpPack/tree/master/PowerSharpBinaries
     - https://github.com/BC-SECURITY/Invoke-ZeroLogon/blob/111d17c7fec486d9bb23387e2e828b09a26075e4/Invoke-ZeroLogon.ps1
     - https://github.com/xorrior/RandomPS-Scripts/blob/848c919bfce4e2d67b626cbcf4404341cfe3d3b6/Get-DXWebcamVideo.ps1
     - https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/6f23bb41f9675d7e2d32bacccff75e931ae00554/OfficeMemScraper.ps1
+author: Sean Metcalf (source), Florian Roth (rule), Bartlomiej Czyz @bczyz1 (update), oscd.community (update), Nasreddine Bencherchali (update), Tim Shelton (fp)
 date: 2017/03/05
 modified: 2022/10/25
+tags:
+    - attack.execution
+    - attack.t1059.001
 logsource:
     product: windows
     category: ps_script
@@ -201,6 +204,3 @@ detection:
 falsepositives:
     - Unknown
 level: high
-tags:
-    - attack.execution
-    - attack.t1059.001