🐾 - 🚨 Powershell 🌐 (Windows 10 🪟) - module downloading ⬇ from PowerShell Gallery (launched as administrator 🦸)
Source: pawpatrules
Created: January 14, 2024
Updated: January 14, 2024
Classification: policy-violation
alert tls $HOME_NET any -> any 443 (msg:"🐾 - 🚨 Powershell 🌐 (Windows 10 🪟) - module downloading ⬇ from PowerShell Gallery (launched as administrator 🦸)"; flow:to_server, stateless; ja3.hash; content:"3b5074b1b5d032e5620f69f9f700ff0e"; fast_pattern; tls_sni; content:"www.powershellgallery.com"; nocase; endswith; metadata:former_category JA3; reference:url,https://learn.microsoft.com/en-us/powershell/; reference:url,https://www.powershellgallery.com/; metadata:signature_severity Major, attack_target Client_and_Server, affected_product Windows_11_Server_32_64_Bit, mitre_tactic_id TA0002, mitre_tactic_name Execution, mitre_technique_id T1059.001, mitre_technique_name Command_and_Scripting_Interpreter_PowerShell, created_at 2024_01_14, updated_at 2024_01_14; sid:3301122; rev:1; classtype:policy-violation;)
Metadata
former category: JA3