valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: single list item issue

Browse Source
This commit is contained in:
Florian Roth 2021-09-01 14:03:42 +02:00
parent 505140d273
commit 1aac21ba79
No known key found for this signature in database
GPG Key ID: 5C328E4878049D7A
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/wmi_event/sysmon_wmi_susp_encoded_scripts.yml
View File

@ -15,7 +15,7 @@ logsource:
category: wmi_event category: wmi_event
detection: detection:
selection_destination: selection_destination:
- Destination|base64offset|contains: Destination|base64offset|contains:
- 'WriteProcessMemory' - 'WriteProcessMemory'
- 'This program cannot be run in DOS mode' - 'This program cannot be run in DOS mode'
- 'This program must be run under Win32' - 'This program must be run under Win32'