valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Edited win_susp_pcwutl

Browse Source
This commit is contained in:
Yuliya Fomina 2020-10-05 14:00:21 +03:00
parent 39f955d24d
commit 815aa3c719
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/process_creation/win_susp_pcwutl.yml
View File

@ -18,9 +18,7 @@ logsource:
detection:
selection:
Image|endswith: '\rundll32.exe'
CommandLine|contains|all:
- 'pcwutl'
- 'LaunchApplication'
CommandLine|contains: 'pcwutl*LaunchApplication'
condition: selection
level: medium
falsepositives: