From 68d30293b55519534cb679c8768afd99a984a426 Mon Sep 17 00:00:00 2001
From: frack113
Date: Sat, 6 Nov 2021 10:16:16 +0100
Subject: [PATCH 1/2] Cleanup process_creation

---
 .../process_creation_command_execution_by_office_applications.yml | 0
 .../win_exchange_proxylogon_oabvirtualdir.yml | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename rules/windows/{process_creation => other}/process_creation_command_execution_by_office_applications.yml (100%)
 rename rules/windows/{process_creation => other}/win_exchange_proxylogon_oabvirtualdir.yml (100%)

diff --git a/rules/windows/process_creation/process_creation_command_execution_by_office_applications.yml b/rules/windows/other/process_creation_command_execution_by_office_applications.yml
similarity index 100%
rename from rules/windows/process_creation/process_creation_command_execution_by_office_applications.yml
rename to rules/windows/other/process_creation_command_execution_by_office_applications.yml
diff --git a/rules/windows/process_creation/win_exchange_proxylogon_oabvirtualdir.yml b/rules/windows/other/win_exchange_proxylogon_oabvirtualdir.yml
similarity index 100%
rename from rules/windows/process_creation/win_exchange_proxylogon_oabvirtualdir.yml
rename to rules/windows/other/win_exchange_proxylogon_oabvirtualdir.yml

From aa8694fdefbfb2e5071a2c657d15283c00b21c18 Mon Sep 17 00:00:00 2001
From: frack113
Date: Sat, 6 Nov 2021 10:17:12 +0100
Subject: [PATCH 2/2] add missing category

---
 rules/windows/process_creation/win_task_folder_evasion.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml
index 402ff3615..e45421438 100644
--- a/rules/windows/process_creation/win_task_folder_evasion.yml
+++ b/rules/windows/process_creation/win_task_folder_evasion.yml
@@ -6,7 +6,7 @@ references:
 - https://twitter.com/subTee/status/1216465628946563073
 - https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26
 date: 2020/01/13
-modified: 2021/05/30
+modified: 2021/11/06
 author: Sreeman
 tags:
 - attack.defense_evasion
@@ -15,9 +15,9 @@ tags:
 - attack.t1574.002
 - attack.t1059 # an old one
 - attack.t1064 # an old one
-
 logsource:
 product: windows
+ category: process_creation
 detection:
 selection1:
 CommandLine|contains:
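Review bot: The new `category: process_creation` is inserted below `product: windows`, whereas the rest of this rule tree (and the rule-format convention the repo checks against) writes `category:` first, so the logsource block should read `logsource:` / `category: process_creation` / `product: windows`. Adding the category also changes how backends map `CommandLine` — it is presumably routed through the process-creation field mapping now rather than a generic Windows source, so the converted query should be re-checked against at least one backend before merge. The detection block that this logsource governs continues outside the hunk.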