fix: avoid FPs with HTool string

2021-07-28 14:23:54 +02:00
parent 5d039dd138
commit aefd50f049
1 changed files with 2 additions and 2 deletions
@@ -3,14 +3,14 @@ id: 78bc5783-81d9-4d73-ac97-59f6db4f72a8
 description: This detection method points out highly relevant Antivirus events
 author: Florian Roth
 date: 2017/02/19
-modified: 2021/01/07
+modified: 2021/07/28
 logsource:
    product: windows
    service: application
 detection:
    keywords:
        Message|contains:
-            - "HTool"
+            - "HTool-"
            - "Hacktool"
            - "ASP/Backdoor"
            - "JSP/Backdoor"