From c33119563729eca8a2517d92aa7922ad2cd59cd9 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Thu, 24 Mar 2022 15:17:29 +0100
Subject: [PATCH] fix: empty query in rule > bug
---
 rules/network/net_wannacry_killswitch_domain.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/rules/network/net_wannacry_killswitch_domain.yml b/rules/network/net_wannacry_killswitch_domain.yml
index 52eb64c33..9ca3530c5 100644
--- a/rules/network/net_wannacry_killswitch_domain.yml
+++ b/rules/network/net_wannacry_killswitch_domain.yml
@@ -6,7 +6,7 @@ author: Mike Wade
 references:
 - https://www.fireeye.com/blog/products-and-services/2017/05/wannacry-ransomware-campaign.html
 date: 2020/09/16
-modified: 2021/11/27
+modified: 2022/03/24
 logsource:
 category: dns
 detection:
@@ -17,7 +17,6 @@ detection:
 - 'ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com'
 - 'ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com'
 - 'iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com'
- - ''
 condition: selection
 falsepositives:
 - Analyst testing