Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER PowerShell invocation with ExecutionPolicy Bypass attempt

Rule Explanation

This event is generated when a compiled binary contains PowerShell invocation with options to bypass ExecutionPolicy Impact: A Network Trojan was detected Details: PowerShell invocation from within a compiled application which bypasses ExecutionPolicy is suspect behavior. This could potentially be used to download and execute malicious PowerShell scripts. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None