From ffbeec134dcd321efd3e5bbeb19867f865ad26b6 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Thu, 9 Sep 2021 19:56:20 +0200
Subject: [PATCH] Update image_load_wmiprvse_wbemcomn_dll_hijack.yml

---
 .../image_load/image_load_wmiprvse_wbemcomn_dll_hijack.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/image_load/image_load_wmiprvse_wbemcomn_dll_hijack.yml b/rules/windows/image_load/image_load_wmiprvse_wbemcomn_dll_hijack.yml
index 1b117e855..5eeb2e833 100644
--- a/rules/windows/image_load/image_load_wmiprvse_wbemcomn_dll_hijack.yml
+++ b/rules/windows/image_load/image_load_wmiprvse_wbemcomn_dll_hijack.yml
@@ -3,7 +3,7 @@ id: 7707a579-e0d8-4886-a853-ce47e4575aaa
 description: Detects a threat actor creating a file named `wbemcomn.dll` in the `C:\Windows\System32\wbem\` directory over the network and loading it for a WMI DLL Hijack scenario.
 status: experimental
 date: 2020/10/12
-modified: 2021/06/10
+modified: 2021/09/09
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 tags:
 - attack.execution