valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update mal_azorult_reg.yml

Browse Source
This commit is contained in:
Jonhnathan 2020-10-27 22:18:41 -03:00 committed by GitHub
parent bfb50a3d42
commit 8f4d6f802b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/malware/mal_azorult_reg.yml
View File

@ -17,8 +17,8 @@ detection:
EventID:
- 12
- 13
TargetObject|endswith:
- 'SYSTEM\\*\services\localNETService'
TargetObject|endswith: 'SYSTEM\
TargetObject|endswith: '\services\localNETService'
condition: selection
fields:
- Image