sigma-rules

Author SHA1 Message Date

Author	SHA1	Message	Date
Jonhnathan	27da0d6ed7	[New Rule] Suspicious Portable Executable Encoded in Powershell Script (#1562 ) * Create execution_posh_portable_executable.toml * Add wildcard * Remove the wildcard * Update rules/windows/execution_posh_portable_executable.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> (cherry picked from commit `f50fb1d61b`)	2021-10-18 20:51:12 +00:00

Jonhnathan

27da0d6ed7

[New Rule] Suspicious Portable Executable Encoded in Powershell Script (#1562 )

* Create execution_posh_portable_executable.toml

* Add wildcard

* Remove the wildcard

* Update rules/windows/execution_posh_portable_executable.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

(cherry picked from commit f50fb1d61b)

2021-10-18 20:51:12 +00:00

1 Commits