Update win_apt_cloudhopper.yml

2020-11-28 10:20:12 +01:00
parent 4a2cce0b40
commit 9ae26e2674
1 changed files with 3 additions and 1 deletions
@@ -16,7 +16,9 @@ logsource:
 detection:
    selection:
        Image|endswith: '\cscript.exe'
-        CommandLine|contains: '.vbs /shell '
+        CommandLine|contains|all:
+            - '.vbs'
+            - '/shell'
    condition: selection
 fields:
    - CommandLine