Update win_mal_flowcloud.yml

2024-11-07 09:48:58 +00:00 · 2020-10-15 16:16:08 -03:00 · 2020-10-15 16:16:08 -03:00 · 8d44548a2c
commit 8d44548a2c
parent ef646e74d8
1 changed files with 2 additions and 1 deletions
--- a/rules/windows/malware/win_mal_flowcloud.yml
+++ b/rules/windows/malware/win_mal_flowcloud.yml
@ -21,7 +21,8 @@ detection:
      - 'HKLM\HARDWARE\{804423C2-F490-4ac3-BFA5-13DEDE63A71A}'
      - 'HKLM\HARDWARE\{A5124AF5-DF23-49bf-B0ED-A18ED3DEA027}'
      - 'HKLM\HARDWARE\{2DB80286-1784-48b5-A751-B6ED1F490303}'
-      - 'HKLM\SYSTEM\Setup\PrintResponsor\\*'
+    TargetObject|startswith:
+      - 'HKLM\SYSTEM\Setup\PrintResponsor\\'
  condition: selection
 falsepositives:
  - Unknown