From b4377ed632b93a42a5ce08d5027ed283f87d3316 Mon Sep 17 00:00:00 2001
From: Nikita Nazarov <61659062+NikitaStormwind@users.noreply.github.com>
Date: Thu, 8 Oct 2020 17:45:07 +0300
Subject: [PATCH] Update powershell_invoke_obfuscation_via_use_rundll32.yml

---
 .../powershell_invoke_obfuscation_via_use_rundll32.yml          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/powershell/powershell_invoke_obfuscation_via_use_rundll32.yml b/rules/windows/powershell/powershell_invoke_obfuscation_via_use_rundll32.yml
index 182bffe35..8d2a2bc0d 100644
--- a/rules/windows/powershell/powershell_invoke_obfuscation_via_use_rundll32.yml
+++ b/rules/windows/powershell/powershell_invoke_obfuscation_via_use_rundll32.yml
@@ -4,7 +4,7 @@ description: Detects Obfuscated Powershell via use Rundll32 in Scripts
 status: experimental
 author: Nikita Nazarov, oscd.community
 date: 2019/10/08
-references: -https://github.com/Neo23x0/sigma/issues/1009
+references: - https://github.com/Neo23x0/sigma/issues/1009
 tags:
     - attack.defense_evasion
     - attack.t1027