VsCode Powershell Profile Modification (3a9fa2ec-30bc-4ebd-b49e-7c9cff225502)

Detects the creation or modification of a VS Code-related PowerShell profile, which could indicate suspicious activity, as the profile can be used as a means of persistence.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| VsCode Powershell Profile Modification (3a9fa2ec-30bc-4ebd-b49e-7c9cff225502) | Sigma-Rules | PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) | Attack Pattern | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) | Attack Pattern | 2 |