From 179bfa7d5607328ec6dbb5db1c0b44dd53df8754 Mon Sep 17 00:00:00 2001
From: frack113
Date: Thu, 27 May 2021 20:59:26 +0200
Subject: [PATCH] duplicate uuid 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5 - sysmon_susp_webdav_client_execution.yml - sysmon_wdigest_enable_uselogoncredential.yml
---
 .../sysmon_wdigest_enable_uselogoncredential.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rules/windows/registry_event/sysmon_wdigest_enable_uselogoncredential.yml b/rules/windows/registry_event/sysmon_wdigest_enable_uselogoncredential.yml
index 875bbbeb4..6a53796b6 100644
--- a/rules/windows/registry_event/sysmon_wdigest_enable_uselogoncredential.yml
+++ b/rules/windows/registry_event/sysmon_wdigest_enable_uselogoncredential.yml
@@ -1,8 +1,9 @@
 title: Wdigest Enable UseLogonCredential
-id: 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5
+id: d6a9b252-c666-4de6-8806-5561bbbd3bdc
 description: Detects potential malicious modification of the property value of UseLogonCredential from HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest to enable clear-text credentials
 status: experimental
 date: 2019/09/12
+modified: 2021/05/27
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 tags:
 - attack.defense_evasion
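Review bot: The new `id:` line keeps no record of the identifier this rule carried before, and according to the commit message the old value 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5 stays live on sysmon_susp_webdav_client_execution.yml. Any suppression, alert routing or coverage mapping that a consumer keyed on the old id for this WDigest rule will now resolve only to the WebDAV rule, so tuning meant for one detection can silently apply to the other. A `related` entry of type `renamed` would probably mislead here because the old id still exists, so a comment under the id is the safer record, for example `# previously 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5 (collided with sysmon_susp_webdav_client_execution.yml)`. The rule continues past the `tags:` list outside the hunk.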