Hide Navigation Hide TOC Suspicious XOR Encoded PowerShell Command (bb780e0c-16cf-4383-8383-1e5471db6cf9) Detects presence of a potentially xor encoded powershell command Cluster A Galaxy A Cluster B Galaxy B Level Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Suspicious XOR Encoded PowerShell Command (bb780e0c-16cf-4383-8383-1e5471db6cf9) Sigma-Rules 1 PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Suspicious XOR Encoded PowerShell Command (bb780e0c-16cf-4383-8383-1e5471db6cf9) Sigma-Rules 1 Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Suspicious XOR Encoded PowerShell Command (bb780e0c-16cf-4383-8383-1e5471db6cf9) Sigma-Rules 1 PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2