From 4c2a3c3036caa65d8749ce5e3ca6296d3bcf2ff2 Mon Sep 17 00:00:00 2001
From: markus-nclose <38457858+markus-nclose@users.noreply.github.com>
Date: Wed, 2 Feb 2022 07:31:48 +0200
Subject: [PATCH] CobaltStrike typo

This typo keeps sneaking back in - critical for detection.
Spelling correct according to https://www.nextron-systems.com/wp-content/uploads/2018/09/Antivirus_Event_Analysis_CheatSheet_1.5-2.pdf
---
 rules/application/antivirus/av_exploiting.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/application/antivirus/av_exploiting.yml b/rules/application/antivirus/av_exploiting.yml
index 8f63f2a3c..018fef2de 100644
--- a/rules/application/antivirus/av_exploiting.yml
+++ b/rules/application/antivirus/av_exploiting.yml
@@ -17,7 +17,7 @@ detection:
       - 'Meterpreter'
       - 'Metasploit'
       - 'PowerSploit'
-      - 'CobaltSrike'
+      - 'CobaltStrike'
       - 'Swrort'
       - 'Rozena'
       - 'Backdoor.Cobalt'