
Summary
This detection rule identifies the use of PowerShell commands associated with clipboard access, a behaviour used by information-stealing malware such as Bbystealer. It inspects PowerShell logging events with EventCodes 4103 and 4104 for the clipboard cmdlets 'Get-Clipboard' and 'Set-Clipboard', which may indicate an attempt by malware to read sensitive data from the clipboard or to place malicious data on it. The detection logic extracts these commands from PowerShell logs and collates their usage over time, so that analysts can spot unusual patterns indicative of clipboard access misuse. The rule is most valuable in environments where sensitive data is frequently copied to the clipboard, such as by VPN users or during data entry.
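As an added worked example (not part of the original rule or its content pack), the following Python script applies the rule's logic to a few constructed PowerShell log events: it keeps only EventCode 4103 (module logging) and 4104 (script block logging) records, matches Get-Clipboard and Set-Clipboard in the command text, and collates hits per host and user over time. It goes slightly beyond the page by also matching the cmdlets' built-in aliases gcb and scb. The field names (EventCode, Computer, UserID, ScriptBlockText, Payload) are assumed Splunk-style field names for the Windows PowerShell operational log, and every event below is a constructed sample, not real telemetry.

```python
import re

# Event IDs from the Microsoft-Windows-PowerShell/Operational log that the rule inspects:
# 4103 = module logging (pipeline execution), 4104 = script block logging.
POWERSHELL_EVENT_CODES = {4103, 4104}

# Clipboard cmdlets named by the rule, plus their built-in aliases (gcb / scb).
# PowerShell cmdlet names are case-insensitive, so the match is too.
CLIPBOARD_PATTERN = re.compile(
    r"\b(?:Get-Clipboard|Set-Clipboard|gcb|scb)\b", re.IGNORECASE
)

# Constructed sample events (assumed Splunk-style field names; not real data).
SAMPLE_EVENTS = [
    {"_time": "2024-06-20T09:00:01", "EventCode": 4104, "Computer": "WS01",
     "UserID": "CORP\\alice",
     "ScriptBlockText": "Get-Process | Where-Object CPU -gt 100"},
    {"_time": "2024-06-20T09:02:15", "EventCode": 4104, "Computer": "WS01",
     "UserID": "CORP\\alice",
     "ScriptBlockText": "$clip = Get-Clipboard -Raw"},
    {"_time": "2024-06-20T09:02:16", "EventCode": 4103, "Computer": "WS01",
     "UserID": "CORP\\alice",
     "Payload": 'CommandInvocation(Get-Clipboard): "Get-Clipboard"'},
    {"_time": "2024-06-20T09:05:40", "EventCode": 4104, "Computer": "WS02",
     "UserID": "CORP\\bob",
     "ScriptBlockText": "set-clipboard -Value 'replaced text'"},
    {"_time": "2024-06-20T09:06:00", "EventCode": 4104, "Computer": "WS02",
     "UserID": "CORP\\bob",
     "ScriptBlockText": "gcb | Out-File C:\\Temp\\clip.txt"},
    # EventCode 400 (engine start) is outside the rule's scope even if the text matches.
    {"_time": "2024-06-20T09:07:00", "EventCode": 400, "Computer": "WS03",
     "UserID": "CORP\\carol",
     "Payload": "Get-Clipboard"},
]


def extract_command_text(event):
    """4104 events carry the script block; 4103 events carry the pipeline payload."""
    return event.get("ScriptBlockText") or event.get("Payload") or ""


def detect_clipboard_access(events):
    """Return per (Computer, UserID) aggregates of clipboard cmdlet usage.

    This mirrors the rule's 'collate usage over time' step: for each host/user
    that ran a clipboard cmdlet in a 4103/4104 event, record the hit count,
    first and last timestamp, and the distinct command names seen.
    """
    stats = {}
    for ev in events:
        if ev.get("EventCode") not in POWERSHELL_EVENT_CODES:
            continue
        hits = CLIPBOARD_PATTERN.findall(extract_command_text(ev))
        if not hits:
            continue
        key = (ev["Computer"], ev["UserID"])
        entry = stats.setdefault(key, {
            "count": 0,
            "first_seen": ev["_time"],
            "last_seen": ev["_time"],
            "commands": set(),
        })
        entry["count"] += 1
        # ISO-8601 timestamps compare correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], ev["_time"])
        entry["last_seen"] = max(entry["last_seen"], ev["_time"])
        entry["commands"].update(h.lower() for h in hits)
    return stats


if __name__ == "__main__":
    for (host, user), s in sorted(detect_clipboard_access(SAMPLE_EVENTS).items()):
        print(f"{host} {user}: {s['count']} hit(s) between {s['first_seen']} and "
              f"{s['last_seen']}; commands={sorted(s['commands'])}")
```

The literal cmdlet match is deliberately the same narrow check the rule describes; it will not catch script text that has been obfuscated or split across strings, so in practice the aggregate is best reviewed alongside the surrounding 4104 script blocks from the same host and user rather than treated as a verdict on its own.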
Categories
- Endpoint
- Windows
- Linux
Data Sources
- Process
- Application Log
- Network Traffic
ATT&CK Techniques
- T1059.001
Created: 2024-06-20