From 21108e60a65fcbef16d00fbb5a8667e1e5eee9dd Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Sat, 3 Jun 2017 14:53:08 +0200
Subject: [PATCH] Fixed description and title
---
 rules/apt/crime_fireball.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/apt/crime_fireball.yml b/rules/apt/crime_fireball.yml
index e380be143..4be1055af 100644
--- a/rules/apt/crime_fireball.yml
+++ b/rules/apt/crime_fireball.yml
@@ -1,6 +1,6 @@
-title: Detects Fireball - archer.dll
+title: Detects Fireball - Archer Install
 status: experimental
-description: Detects suspicious Rundll32 execution
+description: Detects Archer malware invocation via rundll32
 author: Florian Roth
 date: 2017/06/03
 reference:
@@ -13,7 +13,7 @@ detection:
     selection:
         EventID: 1
         CommandLine: '*\rundll32.exe *,InstallArcherSvc'
-    condition: selection and not filter
+    condition: selection
 falsepositives:
     - Unknown
 level: high
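Review bot: The corrected `condition: selection` now makes the rule's coverage depend entirely on the `CommandLine` pattern in the context line above it, and that pattern is narrower than the new description "Detects Archer malware invocation via rundll32" suggests: it requires the literal `rundll32.exe ` prefix and has no trailing wildcard, so a command line that carries any argument after `InstallArcherSvc` would not match. If the export name is the actual indicator, keying on it alone, e.g. `CommandLine: '*rundll32*,InstallArcherSvc*'`, would match those variants while keeping the same intent. Either way, `falsepositives: - Unknown` could be replaced with what was actually observed, since a `level: high` rule with an unknown false-positive profile is hard for analysts to triage. The `detection:` key and the `logsource` stanza this rule relies on are outside the hunk, so I cannot confirm the event source the `EventID: 1` selection is meant for.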