Update win_bypass_squiblytwo.yml

2020-11-26 23:33:00 -03:00
parent d5803b89ef
commit a403082631
1 changed files with 2 additions and 2 deletions
@@ -24,8 +24,8 @@ logsource:
    product: windows
 detection:
    selection1:
-        Image:
-            - '*\wmic.exe'
+        Image|endswith:
+            - '\wmic.exe'
        CommandLine|contains|all:
            - wmic
            - format