I published the following diary on isc.sans.edu: “Malicious Powershell Script Dissection”:
Here is another example of a malicious PowerShell script found while hunting. Such scripts remain a common attack vector, and many of them can be easily detected just by looking for specific strings. Here is an example of a YARA rule that I’m using to hunt for malicious PowerShell scripts…