From a9500a3b1ac4649b0ce7293ceabe206b89f7ce2d Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Thu, 1 Jul 2021 09:46:35 +0200
Subject: [PATCH] refactor: any finding in spool drivers is relevant
---
 .../malware/av_printernightmare_cve_2021_1675.yml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/rules/windows/malware/av_printernightmare_cve_2021_1675.yml b/rules/windows/malware/av_printernightmare_cve_2021_1675.yml
index 60ad46be9..eafe874cd 100644
--- a/rules/windows/malware/av_printernightmare_cve_2021_1675.yml
+++ b/rules/windows/malware/av_printernightmare_cve_2021_1675.yml
@@ -13,14 +13,9 @@ tag:
 logsource:
 product: antivirus
 detection:
- selection_path:
- FileName|contains:
- - 'C:\Windows\System32\spool\drivers\x64\'
- selection_malware:
- FileName|endswith:
- - '.dll'
- - '.exe'
- condition: selection_path and selection_malware
+ selection:
+ FileName|contains: 'C:\Windows\System32\spool\drivers\x64\'
+ condition: selection
 fields:
 - Signature
 - FileName
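Review bot: The new `selection` still keys on the `x64\` driver store only, so an antivirus finding on a file written under the 32-bit driver directory (`C:\Windows\System32\spool\drivers\W32X86\`, which the spooler also uses on 64-bit hosts) would not match even though the commit message says any finding in spool drivers is relevant. If that coverage is intended, make the new scalar a list again: `FileName|contains:` / `- 'C:\Windows\System32\spool\drivers\x64\'` / `- 'C:\Windows\System32\spool\drivers\W32X86\'`. Because the `.dll`/`.exe` restriction is gone, any AV hit on a legitimate vendor driver package in that directory now fires as well; the rule's `description` and `falsepositives` sections lie outside this hunk and should be checked so they no longer describe the rule as matching only DLL/EXE drops.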