valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: exclude case in which upper ticks are used

Browse Source
This commit is contained in:
Florian Roth 2021-09-09 12:55:10 +02:00
parent 6d86c7df6c
commit f00aaf8461
No known key found for this signature in database
GPG Key ID: 5C328E4878049D7A
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/process_creation/win_susp_control_cve_2021_40444.yml
View File

@ -20,7 +20,9 @@ detection:
- '\powerpnt.exe'
- '\excel.exe'
filter:
CommandLine|endswith: '\control.exe input.dll'
CommandLine|endswith:
- '\control.exe input.dll'
- '\control.exe" input.dll'
condition: selection and not filter
falsepositives:
- Unknown