PowerShell Decompress Commands (1ddc1472-8e52-4f7d-9f11-eab14fc171f5)
A general detection for specific decompress commands in PowerShell logs. This could indicate an adversary decompressing files.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | PowerShell Decompress Commands (1ddc1472-8e52-4f7d-9f11-eab14fc171f5) | Sigma-Rules | 1 |