This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Randomized powershell executables - hash is poweshell.exe but file name is different.

Posted on 03-12-2024 07:42 PM
ravivittal
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Can someone please provide some guidance on how to go about writing a YARA-L rule for to detect this?

- Randomized powershell executables - hash is poweshell.exe but file name is different.

0 4 269
Topic Labels
0 Likes
4 REPLIES 4
Top Solution Authors
View all