From 8973b573bde4d4086e96a165f554a0dcfbf72038 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Tue, 4 May 2021 09:36:26 +0200
Subject: [PATCH] Update and rename rules/windows/other/win_Outlook_C2_Macro_Creation.yml to rules/windows/file_event/win_outlook_c2_macro_creation.yml
---
 .../win_outlook_c2_macro_creation.yml} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename rules/windows/{other/win_Outlook_C2_Macro_Creation.yml => file_event/win_outlook_c2_macro_creation.yml} (74%)
diff --git a/rules/windows/other/win_Outlook_C2_Macro_Creation.yml b/rules/windows/file_event/win_outlook_c2_macro_creation.yml
similarity index 74%
rename from rules/windows/other/win_Outlook_C2_Macro_Creation.yml
rename to rules/windows/file_event/win_outlook_c2_macro_creation.yml
index eec322406..e2b9f0c1e 100644
--- a/rules/windows/other/win_Outlook_C2_Macro_Creation.yml
+++ b/rules/windows/file_event/win_outlook_c2_macro_creation.yml
@@ -1,7 +1,7 @@
-title: BEC - Outlook C2 Macro Creation
+title: Outlook C2 Macro Creation
 id: 8c31f563-f9a7-450c-bfa8-35f8f32f1f61
 status: experimental
-description: Detects the creation of a macro file for Outlook. Goes with win_Outlook_C2_Registry_Key. VbaProject.OTM is explicitly mentioned in T1137. Particularly interesting if both events (Registry & File Creation happens at the same time.
+description: Detects the creation of a macro file for Outlook. Goes with win_outlook_c2_registry_key. VbaProject.OTM is explicitly mentioned in T1137. Particularly interesting if both events Registry & File Creation happens at the same time.
 references:
 - https://www.mdsec.co.uk/2020/11/a-fresh-outlook-on-mail-based-persistence/
 author: '@ScoubiMtl'
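Review bot: The new `description` line still reads awkwardly and links the companion rule only by file name: `Particularly interesting if both events Registry & File Creation happens at the same time.` would be clearer as `Particularly interesting if both events (registry change and file creation) happen at the same time.`, and a file-name reference such as `win_outlook_c2_registry_key` goes stale on the next rename, as this commit itself shows. Consider tying the two rules together by rule id in a `related` entry instead, so analysts and tooling can follow the link regardless of where the file lives. The rule's logsource and detection sections are outside the hunk, so it is worth confirming that the logsource matches the new `file_event` directory.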