security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update win_invoke_obfuscation_via_rundll_services.yml

Browse Source
This commit is contained in:
Timur Zinniatullin
2020-10-18 19:05:09 +03:00
committed by GitHub
parent 35a9a7d46c
commit 39bac712c3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/win_invoke_obfuscation_via_rundll_services.yml
+1 -1
View File
@@ -17,7 +17,7 @@ falsepositives:
level: medium
detection:
selection_1:
- ImagePath|re: '(?i).*rundll32(?:.exe)?(?:\s+)?shell32\.dll.*shellexec_rundll.*powershell.*\"'
- ImagePath|re: '(?i).*rundll32(?:\.exe)?(?:\s+)?shell32\.dll.*shellexec_rundll.*powershell.*\"'
condition: selection and selection_1
---
logsource: