Update proc_creation_win_mstsc.yml

2022-06-12 17:52:37 +02:00
parent b0730c613b
commit fb0618795f
1 changed files with 4 additions and 4 deletions
@@ -22,13 +22,13 @@ detection:
        - OriginalFileName: 'cmdkey.exe'
    selection_cmdkey_cli:
        CommandLine|contains|all:
-            - '/g'
-            - '/u'
-            - '/p'
+            - ' /g'
+            - ' /u'
+            - ' /p'
    condition: all of selection_mstsc* or all of selection_cmdkey*
 falsepositives:
    - Unknown
 level: medium
 tags:
    - attack.lateral_movement
-    - attack.t1021.001
+    - attack.t1021.001