From c8cd7ea070fad874fe8f7e1a5dcc14e5746b6027 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Mon, 30 Jan 2023 21:04:46 +0100
Subject: [PATCH] fix: add missing modified for deprecated rules
---
 .../proc_creation_win_powershell_base64_invoke_susp_cmdlets.yml | 1 +
 .../proc_creation_win_powershell_base64_listing_shadowcopy.yml | 2 +-
 .../proc_creation_win_powershell_xor_encoded_command.yml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/rules-deprecated/windows/proc_creation_win_powershell_base64_invoke_susp_cmdlets.yml b/rules-deprecated/windows/proc_creation_win_powershell_base64_invoke_susp_cmdlets.yml
index 7fd61d25f..6463b04a8 100644
--- a/rules-deprecated/windows/proc_creation_win_powershell_base64_invoke_susp_cmdlets.yml
+++ b/rules-deprecated/windows/proc_creation_win_powershell_base64_invoke_susp_cmdlets.yml
@@ -6,6 +6,7 @@ references:
 - https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
 author: pH-T
 date: 2022/05/31
+modified: 2023/01/30
 tags:
 - attack.execution
 - attack.t1059.001
diff --git a/rules-deprecated/windows/proc_creation_win_powershell_base64_listing_shadowcopy.yml b/rules-deprecated/windows/proc_creation_win_powershell_base64_listing_shadowcopy.yml
index 12d0707c3..23de7607d 100644
--- a/rules-deprecated/windows/proc_creation_win_powershell_base64_listing_shadowcopy.yml
+++ b/rules-deprecated/windows/proc_creation_win_powershell_base64_listing_shadowcopy.yml
@@ -6,7 +6,7 @@ references:
 - https://github.com/Neo23x0/Raccine/blob/20a569fa21625086433dcce8bb2765d0ea08dcb6/yara/mal_revil.yar
 author: Christian Burkard
 date: 2022/03/01
-modified: 2022/03/07
+modified: 2023/01/30
 tags:
 - attack.execution
 - attack.t1059.001
diff --git a/rules-deprecated/windows/proc_creation_win_powershell_xor_encoded_command.yml b/rules-deprecated/windows/proc_creation_win_powershell_xor_encoded_command.yml
index 43d8a2e41..bf7037a88 100644
--- a/rules-deprecated/windows/proc_creation_win_powershell_xor_encoded_command.yml
+++ b/rules-deprecated/windows/proc_creation_win_powershell_xor_encoded_command.yml
@@ -6,7 +6,7 @@ references:
 - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse?slide=65
 author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton
 date: 2022/07/06
-modified: 2023/01/26
+modified: 2023/01/30
 tags:
 - attack.defense_evasion
 - attack.t1027