Rule Library
Sigma Rules
3 rules found for "Sean Metcalf (source)"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
PowerShell Called from an Executable Version Mismatch
Detects PowerShell called from an executable by the version mismatch method
Windows · PowerShell Classic
TA0005 · Defense Evasion, TA0002 · Execution, T1059.001 · PowerShell
Sean Metcalf (source) +1 · Sun Mar 05 · windows
Detection · medium · test
Malicious PowerShell Keywords
Detects keywords from well-known PowerShell exploitation frameworks
Windows · PowerShell Script
TA0002 · Execution, T1059.001 · PowerShell
Sean Metcalf (source) +1 · Sun Mar 05 · windows
Detection · high · test
PowerShell PSAttack
Detects the use of PSAttack PowerShell hack tool
Windows · PowerShell Script
TA0002 · Execution, T1059.001 · PowerShell
Sean Metcalf (source) +1 · Sun Mar 05 · windows