Change the format ro align it with others query
Chage the format from KUSTO to Query in order to standardize the layout
This commit is contained in:
darioongit
GitHub
Родитель
5d28ea47b8
Коммит
51d1283363
|
|
@ -2,11 +2,12 @@
|
|||
|
||||
This query searches for a string pattern detected in evasive PowerShell usage. Jupyter or SolarMarker will iterate on this pattern multiple times to read data and call additional processes. This query is not fully specific to Jupyter or SolarMarker, and will also return other malicious malware, but is unlikely to return false positives.
|
||||
|
||||
'''kusto
|
||||
## Query
|
||||
```
|
||||
DeviceProcessEvents
|
||||
| where FileName == "powershell.exe"
|
||||
| where ProcessCommandLine has_all("-ep bypass","-command","get-content","remove-item","iex")
|
||||
'''
|
||||
```
|
||||
|
||||
## Category
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче