From 09e754a8f9b52b7150b2c96e344b155675e45f11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hans-Martin=20M=C3=BCnch?= Date: Tue, 22 Aug 2017 10:56:25 +0200 Subject: [PATCH] Small Typo fix --- rules/windows/sysmon/sysmon_susp_cmd_http_appdata.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_cmd_http_appdata.yml b/rules/windows/sysmon/sysmon_susp_cmd_http_appdata.yml index 02372bcb..ca528325 100644 --- a/rules/windows/sysmon/sysmon_susp_cmd_http_appdata.yml +++ b/rules/windows/sysmon/sysmon_susp_cmd_http_appdata.yml @@ -1,4 +1,4 @@ -title: Command Line Executaion with suspicious URL and AppData Strings +title: Command Line Execution with suspicious URL and AppData Strings status: experimental description: Detects a suspicious command line execution that includes an URL and AppData string in the command line parameters as used by several droppers (js/vbs > powershell) reference: