Merge pull request #389 from christophetd/patch-1

Include Github raw URLs in suspicious downloads detection rule
2019-07-05 16:54:09 +02:00
parent f7ba2b3976 5bc10a4855
commit 2b062a0de7
1 changed files with 1 additions and 0 deletions
@@ -18,6 +18,7 @@ detection:
        DestinationHostname: 
            - '*dl.dropboxusercontent.com'
            - '*.pastebin.com'
+            - '*.githubusercontent.com' # includes both gists and github repositories
        Image: 'C:\Windows\\*'
    condition: selection
 falsepositives: