From b04efe8d6f5f2d45708d54d8e517b6a28c523f4c Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Fri, 20 Jan 2023 06:45:38 +0100
Subject: [PATCH] Update proc_creation_win_susp_cmd_exectution_via_wmi.yml

---
 .../windows/proc_creation_win_susp_cmd_exectution_via_wmi.yml    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules-deprecated/windows/proc_creation_win_susp_cmd_exectution_via_wmi.yml b/rules-deprecated/windows/proc_creation_win_susp_cmd_exectution_via_wmi.yml
index f11744720..33f9a3290 100644
--- a/rules-deprecated/windows/proc_creation_win_susp_cmd_exectution_via_wmi.yml
+++ b/rules-deprecated/windows/proc_creation_win_susp_cmd_exectution_via_wmi.yml
@@ -6,6 +6,7 @@ references:
     - https://www.elastic.co/guide/en/security/current/suspicious-cmd-execution-via-wmi.html
 author: Tim Rauch
 date: 2022/09/27
+modified: 2023/01/19
 tags:
     - attack.execution
     - attack.t1047