Update powershell_cmdline_specific_comb_methods.yml
@@ -17,15 +17,16 @@ logsource:
|
||||
detection:
|
||||
selection1:
|
||||
Image|endswith: '\powershell.exe'
|
||||
CommandLine|all:
|
||||
- '*char*'
|
||||
- '*join*'
|
||||
CommandLine|contains|all:
|
||||
- 'char'
|
||||
- 'join'
|
||||
selection2:
|
||||
Image|endswith: '\powershell.exe'
|
||||
CommandLine|contains:
|
||||
- 'ToInt'
|
||||
- 'ToDecimal'
|
||||
- 'ToByte'
|
||||
- 'ToUint'
|
||||
- 'ToSingle'
|
||||
- 'ToSByte'
|
||||
selection3:
|
||||
@@ -36,14 +37,14 @@ detection:
|
||||
- 'String'
|
||||
selection4:
|
||||
Image|endswith: '\powershell.exe'
|
||||
CommandLine|all:
|
||||
- '*split*'
|
||||
- '*join*'
|
||||
CommandLine|contains|all:
|
||||
- 'split'
|
||||
- 'join'
|
||||
selection5:
|
||||
Image|endswith: '\powershell.exe'
|
||||
CommandLine|all:
|
||||
- '*ForEach*'
|
||||
- '*Xor*'
|
||||
CommandLine|contains|all:
|
||||
- 'ForEach'
|
||||
- 'Xor'
|
||||
selection6:
|
||||
Image|endswith: '\powershell.exe'
|
||||
CommandLine|contains:
|
||||
|
||||
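Review bot: Every selection in both hunks still pins `Image|endswith: '\powershell.exe'` (the first line of selection1 through selection6), so the same `char`/`join`, `split`/`join` and `ForEach`/`Xor` command lines launched through `pwsh.exe` (PowerShell 7) or `powershell_ise.exe` never reach the new `contains|all` checks; consider widening each to a list, `Image|endswith:` / `- '\powershell.exe'` / `- '\pwsh.exe'`, or additionally matching on `OriginalFileName` if the logsource carries it, so a renamed binary is caught too. Moving from `|all` with `*…*` wildcards to `contains|all` is the correct Sigma form and, per the spec, keeps the match case-insensitive, but selection5 is still evaded by the `%` alias of `ForEach-Object`, which contains neither `ForEach` nor `foreach` — worth a comment in the rule such as `# ForEach-Object invoked via its % alias is not covered`. The `detection:` block's `condition` and the item list under selection6's `CommandLine|contains:` lie outside these hunks, so I can't confirm whether selection2's generic `ToInt`/`ToByte`/`ToUint` terms are combined with another selection or can fire on their own.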