From 7c5f985f6f4656bc41c8eba3d856db8e4e5c5b12 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 17 Apr 2019 23:30:49 +0200
Subject: [PATCH] Modifications

---
 .../win_office_spawn_exe_from_users_directory.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/rules/windows/process_creation/win_office_spawn_exe_from_users_directory.yml b/rules/windows/process_creation/win_office_spawn_exe_from_users_directory.yml
index 143807e30..7232e3e59 100644
--- a/rules/windows/process_creation/win_office_spawn_exe_from_users_directory.yml
+++ b/rules/windows/process_creation/win_office_spawn_exe_from_users_directory.yml
@@ -1,6 +1,6 @@
-title: Microsoft Office Product Spawning exe in users directory
+title: MS Office Product Spawning Exe in User Dir
 status: experimental
-description: Detects an executable in the users directory started from Microsoft Word, Excel, Powerpoint, Publisher and Visio.
+description: Detects an executable in the users directory started from Microsoft Word, Excel, Powerpoint, Publisher or Visio
 references:
 - sha256: 23160972c6ae07f740800fa28e421a81d7c0ca5d5cab95bc082b4a986fbac57c
 - https://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign
@@ -10,7 +10,6 @@ tags:
 - attack.t1059
 - attack.t1202
 - FIN7
-
 author: Jason Lynch
 date: 2019/04/02
 logsource:
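Review bot: In the `@@ -1,6 +1,6 @@` hunk the context line `- sha256: 23160972…` under `references` parses as a one-key YAML mapping rather than a string, because of the colon followed by a space, and this commit leaves it that way while the next entry is a plain string. Tooling that expects every item under `references` to be a string may drop or mis-render the sample hash, which is the only pointer from this rule to the sample it was written against. Quoting the item keeps it a string: `- 'sha256: 23160972c6ae07f740800fa28e421a81d7c0ca5d5cab95bc082b4a986fbac57c'`. The rule's `detection` section is outside this patch, so the shortened title and description cannot be checked against what the selection covers.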