From 4e7ceae0e113d0f5a55c3e437b1ef38d65bca753 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Mon, 9 May 2022 18:33:34 +0200
Subject: [PATCH] rule: added another keyword
---
 .../builtin/security/win_susp_opened_encrypted_zip_filename.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rules/windows/builtin/security/win_susp_opened_encrypted_zip_filename.yml b/rules/windows/builtin/security/win_susp_opened_encrypted_zip_filename.yml
index 5a63992b1..fd954acb5 100644
--- a/rules/windows/builtin/security/win_susp_opened_encrypted_zip_filename.yml
+++ b/rules/windows/builtin/security/win_susp_opened_encrypted_zip_filename.yml
@@ -22,6 +22,7 @@ detection:
 - 'delivery'
 - 'purchase'
 - 'order'
+ - 'payment'
 condition: selection and selection_filename
 falsepositives:
 - Legitimate used of encrypted ZIP files
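Review bot: The added `- 'payment'` value is a very common word in legitimate business file names, so it is likely to raise this rule's false-positive volume, yet the `falsepositives` entry in the same hunk still names only generic encrypted ZIP use. Consider making that entry specific, e.g. `- Legitimate use of encrypted ZIP files whose names contain invoice/payment-style terms`, so analysts triaging hits know what to expect. The diffstat shows a single inserted line, so if the rule carries a `modified:` date it was not updated with this detection change. The keyword list, its field name and any match modifier start above the hunk, so whether the value is matched as a substring or exactly cannot be confirmed from here.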