Merge pull request #2714 from frack113/fix_reg_fp

Fix FP binary

rules/windows/registry_event/win_re_ie_persistence.yml

@@ -3,7 +3,7 @@ id: d88d0ab2-e696-4d40-a2ed-9790064e66b3
 description: Use IE registry to hide a scripts
 author: frack113
 date: 2022/01/22
-modified: 2022/02/13
+modified: 2022/02/20
 status: experimental
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md#atomic-test-5---javascript-in-registry
@@ -21,6 +21,8 @@ detection:
             - 'Cookie:'
             - 'Visited:'
             - '(Empty)'
+    filter_binary:
+        Details: 'Binary Data'
     condition: selection_domains and not 1 of filter_*
 falsepositives:
     - Unknown