
Summary
This detection rule identifies obfuscated PowerShell command invocations, particularly those generated by the Invoke-Obfuscation framework. Using specific regex patterns, it captures variants of the IEX (Invoke-Expression) command that are obscured as part of the evasion techniques used by malicious actors. Commands of this kind may indicate an attempt to execute arbitrary code stealthily, a common tactic in the post-exploitation phase of an attack. The rule focuses on patterns built from specific PowerShell variables and environment settings that are manipulated for obfuscation, so that security teams are alerted to potentially malicious PowerShell activity on Windows systems.
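As an added example (not the rule's own code), the detection approach described above in Python: regexes for the index-and-concatenate IEX constructs that Invoke-Obfuscation assembles from $PSHome, $ShellId, $env:Public and $env:ComSpec, run over constructed process-creation and script-block events. The specific patterns are my assumption modelled on the rule's approach, not quoted from this page.

```python
import re

# Index-and-concatenate constructs used to spell "iex" from characters of
# well-known PowerShell variables, e.g. $PSHome[4]+$PSHome[30]+'x' -> "iex"
# (assumed patterns modelled on the rule's approach, not copied from the page).
OBFUSCATED_IEX_PATTERNS = [
    r"\$PSHome\[\s*\d{1,3}\s*\]\s*\+\s*\$PSHome\[",
    r"\$ShellId\[\s*\d{1,3}\s*\]\s*\+\s*\$ShellId\[",
    r"\$env:Public\[\s*\d{1,3}\s*\]\s*\+\s*\$env:Public\[",
    r"\$env:ComSpec\[(\s*\d{1,3}\s*,){2}",
    r"\*mdr\*\W\s*\)\.Name",
    r"\$VerbosePreference\.ToString\(",
    r"String\]\s*\$VerbosePreference",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in OBFUSCATED_IEX_PATTERNS]


def matching_patterns(text):
    """Return the patterns that fire on one command line or script block."""
    return [p.pattern for p in COMPILED if p.search(text)]


def scan_events(events):
    """Scan (event_id, text) pairs; return {event_id: [matched patterns]}."""
    flagged = {}
    for event_id, text in events:
        hits = matching_patterns(text)
        if hits:
            flagged[event_id] = hits
    return flagged


# Constructed sample events: two obfuscated IEX forms, two benign uses of
# the same variables (which must not fire).
SAMPLE_EVENTS = [
    (1, "powershell.exe -c \"& ($PSHome[4]+$PSHome[30]+'x') 'Write-Host hi'\""),
    (2, "powershell.exe -c \"& ($env:ComSpec[4,15,25]-join'') 'Write-Host hi'\""),
    (3, "powershell.exe -c \"Get-ChildItem $PSHome | Select-Object Name\""),
    (4, "powershell.exe -c \"$ShellId.Length\""),
]

if __name__ == "__main__":
    for event_id, hits in scan_events(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {hits}")
```

The same matcher applies to process command lines and to script-block text, the two data sources the rule lists.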
Categories
- Windows
- Endpoint
Data Sources
- Script
- Process
Created: 2019-11-08