From ffac77fb37258e138a8bcb72aeabc16e04aa1efd Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Fri, 22 Mar 2019 11:03:48 +0100
Subject: [PATCH] Rule: extended LockerGoga description
---
 rules/windows/process_creation/win_mal_lockergoga.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/win_mal_lockergoga.yml b/rules/windows/process_creation/win_mal_lockergoga.yml
index 29abe3276..3c46fe845 100644
--- a/rules/windows/process_creation/win_mal_lockergoga.yml
+++ b/rules/windows/process_creation/win_mal_lockergoga.yml
@@ -1,5 +1,5 @@
 title: LockerGoga Ransomware
-description: Detects LockaerGoga ransomware
+description: Detects a command that clears the WMI trace log which indicates LockaerGoga ransomware activity
 references:
 - https://abuse.io/lockergoga.txt
 author: Florian Roth
@@ -15,3 +15,4 @@ detection:
 selection:
 CommandLine: '* cl Microsoft-Windows-WMI-Activity/Trace'
 condition: selection
+
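Review bot: The rewritten `description` line in the first hunk still carries the misspelling "LockaerGoga" from the old text, so a search of rule descriptions for the family name will miss this rule. Since the line is being rewritten anyway, it could read `description: Detects a command that clears the WMI trace log, which indicates LockerGoga ransomware activity`. The selection shown as context in the second hunk matches any command line ending in ` cl Microsoft-Windows-WMI-Activity/Trace`, which does not look specific to one malware family, so wording such as "as seen in LockerGoga ransomware activity" would set triage expectations more accurately. The rule's `level` and `falsepositives` fields lie outside both hunks, so whether they already reflect this cannot be checked here.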