// Threat-hunting rule template: the meta block carries the response options and
// the Strings section is an empty placeholder for the analyst to fill in.
// NOTE(review): keyword casing (Rule / Strings:) is kept exactly as written.
// Stock YARA expects lowercase `rule` and `strings:` -- confirm what the
// consuming engine accepts.
Rule Equifax_Malware {
    meta:
        description = "Suspicious malware for threat hunting"

        // Response options as set by the author. These keys are not part of
        // stock YARA; their exact semantics depend on the consuming product
        // (TODO confirm against its documentation).
        // NOTE(review): presumably Block and Quarantine act on every match, so
        // a loose PowerShell string set could stop legitimate admin scripts.
        // Consider validating the string set with logging only before
        // enabling enforcement.
        Block = true
        Quarantine = true
        Log = true
        // Presumably record the matching process's command line and its child
        // processes for triage -- confirm.
        CaptureCommandLine = true
        LogSubprocesses = true

    Strings:
        // Placeholder: add the PowerShell-related strings to hunt for here.
        // NOTE(review): no string is defined on this page, so the rule has
        // nothing to match until this section is populated.

    condition:
        // Requires two matches from the string set ($hc).
        // NOTE(review): the set names the single identifier $hc, which is not
        // defined above. In stock YARA a group of strings sharing a prefix
        // ($hc1, $hc2, ...) is referenced with a wildcard, ($hc*); presumably
        // that is the intent -- confirm when the strings are added.
        2 of ($hc)
}