From 6c1761a7b742cd7fcbde5dc2cfd92db6ebefe062 Mon Sep 17 00:00:00 2001
From: David ANDRE
Date: Fri, 9 Sep 2022 16:12:59 +0200
Subject: [PATCH] Revert "Merge branch 'master' of github.com:elhoim/sigma"

This reverts commit fc98278b194aba57181ee70cfb17f522906a55ea.
---
 .../windows/file_change/file_change_win_2022_timestomping.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/file_change/file_change_win_2022_timestomping.yml b/rules/windows/file_change/file_change_win_2022_timestomping.yml
index 0a2643eaf..cfdf05658 100644
--- a/rules/windows/file_change/file_change_win_2022_timestomping.yml
+++ b/rules/windows/file_change/file_change_win_2022_timestomping.yml
@@ -8,7 +8,7 @@ references:
 - https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html
 author: frack113, Florian Roth
 date: 2022/08/12
-modified: 2022/09/09
+modified: 2022/09/05
 tags:
 - attack.t1070.006
 - attack.defense_evasion
@@ -33,7 +33,7 @@ detection:
 - TargetFilename|endswith:
 - '.tmp'
 - '.temp'
-condition: (( selection1 and not filter1 ) or ( selection2 and not filter2 )) and not 1 of gen_filter*
+condition: ( selection1 and not filter1 ) or ( selection2 and not filter2 ) and not 1 of gen_filter*
 falsepositives:
 - Changes made to or by the local NTP service
 level: high
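Review bot: In the second hunk the restored `condition` loses the outer parentheses, so `not 1 of gen_filter*` now guards only the `selection2` branch, because Sigma's `and` binds tighter than `or`. Events matching `selection1 and not filter1` will alert even when a generic filter would have excluded them; the `.tmp`/`.temp` `TargetFilename` entries just above the condition appear to be one such filter. That adds false-positive noise to a `level: high` timestomping rule. If the revert is only meant to undo the merge, keep the grouped form `condition: (( selection1 and not filter1 ) or ( selection2 and not filter2 )) and not 1 of gen_filter*` and leave `modified:` at the later date. The selection and filter definitions sit outside the hunk, so the effect on `selection1` is inferred from the condition alone.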