valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Clean rule rules/windows/malware/win_mal_octopus_scanner.yml to use category

Browse Source
This commit is contained in:
Steven 2021-04-15 02:30:41 +02:00
parent a9f2a80b8c
commit cce8d945a0
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rules/windows/malware/win_mal_octopus_scanner.yml
View File

@ -13,12 +13,11 @@ logsource:
product: windows
category: file_event
detection:
filecreate:
selection:
TargetFilename|endswith:
- '\AppData\Local\Microsoft\Cache134.dat'
- '\AppData\Local\Microsoft\ExplorerSync.db'
condition: filecreate and selection
condition: selection
falsepositives:
- Unknown
level: high