Update silenttrinity_stager_msbuild_activity.yml

2024-11-08 02:08:54 +00:00 · 2020-10-14 13:04:49 +05:30 · 2020-10-14 13:04:49 +05:30 · 2fa7ae2c1c
commit 2fa7ae2c1c
parent 6b25378a61
1 changed files with 1 additions and 1 deletions
--- a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
+++ b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
@ -17,7 +17,7 @@ logsource:
 detection:
    selection:
        EventID: 3
-        ParentImage|endswith: '\msbuild.exe'
+        ParentImage|endswith: 'msbuild.exe'
    condition: selection
 fields:
    - ParentImage