Rule Library
Sigma Rules
2 rules found for "ok invrep_de"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · critical · test
Bad Opsec Powershell Code Artifacts
Focuses on trivial artifacts observed in variants of prevalent offensive ps1 payloads, including Cobalt Strike Beacon, PoshC2, Powerview, Letmein, Empire, Powersploit, and other attack payloads that often undergo minimal changes by attackers due to bad opsec.
Windows · PowerShell Module
TA0002 · Execution, T1059.001 · PowerShell
ok invrep_de +1 · Fri Oct 09 · windows
Detection · high · test
Disable Windows Defender AV Security Monitoring
Detects attackers attempting to disable Windows Defender using PowerShell.
Windows · Process Creation
TA0005 · Defense Evasion, T1562.001 · Disable or Modify Tools
ok invrep-de +2 · Mon Oct 12 · windows