Skip to content

Commit

Permalink
fix: typo in ET Snake malware rule filter (SigmaHQ#4248)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Pooch11
Pooch11 authored May 18, 2023
1 parent 62caac4 commit 4038141
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion rules-emerging-threats/2023/Malware/SNAKE/file_event_win_malware_snake_werfault_creation.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ references:
- https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/05/10
modified: 2023/05/18
tags:
- attack.execution
logsource:
Expand All @@ -17,7 +18,7 @@ detection:
TargetFilename|endswith: '\WerFault.exe'
filter_main_system_location:
Image|startswith:
- 'C:\Windows\Systems32\'
- 'C:\Windows\System32\'
- 'C:\Windows\SysWOW64\'
- 'C:\Windows\WinSxS\'
condition: selection and not 1 of filter_main_*
Expand Down

0 comments on commit 4038141

Please sign in to comment.