MalwareBazaar Database
This page shows some basic information the YARA rule mal_metasploit_shellcode_windows_powershell_tcp including corresponding malware samples.
Database Entry
| YARA Rule: | mal_metasploit_shellcode_windows_powershell_tcp |
|---|---|
| Author: | Maxime THIEBAUT (@0xThiebaut) |
| Description: | Detects Metasploit import-hashes from the windows/powershell_bind_tcp and windows/powershell_reverse_tcp payloads |
| Firstseen: | 2023-05-06 12:31:53 UTC |
| Lastseen: | 2025-08-21 09:01:44 UTC |
| Sightings: | 20 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|