Skip to content

Commit

Permalink
Merge PR SigmaHQ#4799 from @fukusuket - Fix typo in selection name
Browse files Browse the repository at this point in the history 
chore: fix typo in selection name
  • Loading branch information
@fukusuket
fukusuket authored Apr 15, 2024
1 parent ae49e3a commit 1a85bc5
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rules/windows/registry/registry_set/registry_set_servicedll_hijack.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ references:
- https://www.hexacorn.com/blog/2013/09/19/beyond-good-ol-run-key-part-4/
author: frack113
date: 2022/02/04
modified: 2024/03/26
modified: 2024/04/03
tags:
- attack.persistence
- attack.privilege_escalation
Expand All @@ -32,7 +32,7 @@ detection:
Details: '%%systemroot%%\system32\ntdsa.dll'
filter_main_poqexec:
Image: 'C:\Windows\System32\poqexec.exe'
filter_optional_safetica\:
filter_optional_safetica:
Image|endswith: '\regsvr32.exe'
Details: 'C:\Windows\System32\STAgent.dll'
condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
Expand Down

0 comments on commit 1a85bc5

Please sign in to comment.