From effd9dd957df24379bb31201412f838c9231608c Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Wed, 13 Oct 2021 13:37:39 +0530
Subject: [PATCH] island: Modify mongo query so 'Account Discovery' PBA also gets reported in T1086

---
 .../monkey_island/cc/services/attack/technique_reports/T1086.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
index 1d74bac61..1fd99500e 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -42,6 +42,7 @@ class T1086(AttackTechnique):
 "telem_category": "post_breach",
 "$or": [
 {"data.command": {"$regex": r"\.ps1"}},
+ {"data.command": {"$regex": "powershell"}},
 {"data.result": {"$regex": r"\.ps1"}},
 ],
 },
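Review bot: The added `"powershell"` pattern is case-sensitive, because a MongoDB `$regex` matches case-sensitively unless `$options` is supplied, so a post-breach command logged as `PowerShell` or `POWERSHELL` would still not be attributed to T1086 even though the commit intends the Account Discovery PBA to be reported here; `{"data.command": {"$regex": "powershell", "$options": "i"}}` covers those spellings. The pattern is also unanchored, so any command whose text merely contains the word (in an argument, a path or an echoed string) is counted as a PowerShell execution, which is acceptable for a report query but deserves a comment such as `# substring match: any command mentioning powershell is attributed to this technique` so later readers do not tighten it by accident. The query dict and the T1086 class both begin before and continue past this hunk.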