Update win_mal_flowcloud.yml

rules/windows/malware/win_mal_flowcloud.yml

@@ -9,23 +9,19 @@ tags:
   - attack.persistence
   - attack.t1112
 date: 2020/06/09
-modified: 2021/07/15
+modified: 2021/07/22
 logsource:
   product: windows
   category: registry_event
 detection:
   selection:
-    EventID:
-      - 12 # key create
-      - 13 # value set
-  selection2:
     - TargetObject:
       - 'HKLM\HARDWARE\{804423C2-F490-4ac3-BFA5-13DEDE63A71A}'
       - 'HKLM\HARDWARE\{A5124AF5-DF23-49bf-B0ED-A18ED3DEA027}'
       - 'HKLM\HARDWARE\{2DB80286-1784-48b5-A751-B6ED1F490303}'
     - TargetObject|startswith:
       - 'HKLM\SYSTEM\Setup\PrintResponsor\'
-  condition: selection or selection2
+  condition: selection
 falsepositives:
   - Unknown
 level: critical