valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: fixed rule warning

Browse Source
This commit is contained in:
Florian Roth 2019-09-30 19:38:40 +02:00
parent 2fbd35053e
commit 9a7ef0e3c2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/process_creation/win_malware_emotet.yml
View File

@ -10,12 +10,12 @@ logsource:
category: process_creation
product: windows
detection:
selection1:
selection:
CommandLine:
- '* -enc PAA*'
- '* -enco PAA*'
- '* -encod PAA*'
condition: 1 of them
condition: selection
fields:
- CommandLine
- ParentCommandLine