Merge pull request #2908 from secDre4mer/master

fix: copy / paste issues

rules/windows/process_creation/proc_creation_win_malware_conti_7zip.yml

@@ -1,4 +1,4 @@
-title: Conti Volume Shadow Listing
+title: Conti NTDS Exfiltration Command
 id: aa92fd02-09f2-48b0-8a93-864813fb8f41
 description: Detects a command used by conti to exfiltrate NTDS
 author: Max Altgelt, Tobias Michalski
@@ -20,5 +20,5 @@ falsepositives:
     - Unknown
 level: high
 tags:
-   - attack.collection  
+   - attack.collection
    - attack.t1560

rules/windows/process_creation/proc_creation_win_malware_conti_shadowcopy.yml

@@ -1,6 +1,6 @@
-title: Conti Volume Shadow Listing
+title: Sensitive Registry Access via Volume Shadow Copy
 id: f57f8d16-1f39-4dcb-a604-6c73d9b54b3d
-description: Detects a command used by conti to access volume shadow backups
+description: Detects a command that accesses password storing registry hives via volume shadow backups
 author: Max Altgelt, Tobias Michalski
 date: 2021/08/09
 modified: 2021/12/02
@@ -26,4 +26,4 @@ falsepositives:
 level: medium
 tags:
     - attack.impact
-    - attack.t1490 
+    - attack.t1490

rules/windows/process_creation/proc_creation_win_susp_cmd_shadowcopy_access.yml

@@ -1,6 +1,6 @@
-title: Conti Volume Shadow Listing
+title: Copy from Volume Shadow Copy
 id: c73124a7-3e89-44a3-bdc1-25fe4df754b1
-description: Detects a command used by conti to access volume shadow backups
+description: Detects a copy execution that targets a shadow copy (sometimes used to copy registry hives that are in use)
 author: Max Altgelt, Tobias Michalski
 date: 2021/08/09
 status: experimental
@@ -19,4 +19,4 @@ falsepositives:
 level: medium
 tags:
     - attack.impact
-    - attack.t1490 
+    - attack.t1490