Update win_data_compressed.yml

2024-11-08 02:08:54 +00:00 · 2019-10-22 14:57:53 +03:00 · 2019-10-22 14:57:53 +03:00 · a8bd2c8e78
commit a8bd2c8e78
parent 74d1fef8b8
1 changed files with 3 additions and 1 deletions
--- a/rules/windows/process_creation/win_data_compressed.yml
+++ b/rules/windows/process_creation/win_data_compressed.yml
@ -19,6 +19,9 @@ detection:
            - '*\powershell.exe'
        CommandLine:
            - '*-Recurse | Compress-Archive*'
+            - '*-Recurse| Compress-Archive*'
+            - '*-Recurse |Compress-Archive*'
+            - '*-Recurse|Compress-Archive*'
    condition: selection1 or selection2
 fields:
    - Image
@ -34,4 +37,3 @@ level: low
 tags:
    - attack.exfiltration
    - attack.t1002
-