From 911d0fa15887cc3dc2ecb5685252f0465ca83bf3 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Mon, 22 Aug 2022 19:31:17 +0200
Subject: [PATCH] Add dll and ocx
---
 .../file_event/file_event_proxy_dropping_executable.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/rules/windows/file_event/file_event_proxy_dropping_executable.yml b/rules/windows/file_event/file_event_proxy_dropping_executable.yml
index 7a5fba9d5..bc7731447 100644
--- a/rules/windows/file_event/file_event_proxy_dropping_executable.yml
+++ b/rules/windows/file_event/file_event_proxy_dropping_executable.yml
@@ -37,7 +37,10 @@ detection:
 - \RdrCEF.exe
 - \mshta.exe
 - \hh.exe
- TargetFilename|endswith: '.exe'
+ TargetFilename|endswith:
+ - '.exe'
+ - '.dll'
+ - '.ocx'
 condition: selection
 falsepositives:
 - Unknown
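Review bot: The `falsepositives` entry still reads `- Unknown` even though `TargetFilename|endswith` now also matches `.dll` and `.ocx`, which the listed processes are likely to write more often than `.exe` during ordinary installs, updates or caching (inferred; the process list starts above `\RdrCEF.exe`, outside the hunk). I would baseline the widened selection against real file-event telemetry before release and record what it finds, for example `- Application components written as DLL or OCX during installation or update`, then confirm the rule's `level` still fits the new volume. The diffstat shows this is the only change, so the rule's `modified` field has presumably not been added or bumped; `modified: 2022/08/22` would let consumers see that the detection logic changed. If the title or description speak only of an executable being dropped, they should mention libraries as well.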