Merge PR SigmaHQ#4617 from @GtUGtHGtNDtEUaE - Fix Typo In Process Name
fix: Unusual Parent Process For Cmd.EXE - Fix typo in `wermgr` process name
GtUGtHGtNDtEUaE authored Dec 6, 2023
1 parent f07e2b3 commit 63599c8
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -6,7 +6,7 @@ references:
- https://www.elastic.co/guide/en/security/current/unusual-parent-process-for-cmd.exe.html
author: Tim Rauch
date: 2022/09/21
modified: 2023/03/07
modified: 2023/12/05
tags:
- attack.execution
- attack.t1059
Expand Down Expand Up @@ -38,7 +38,7 @@ detection:
- '\taskhostw.exe'
- '\unsecapp.exe'
- '\WerFault.exe'
- '\wergmgr.exe'
- '\wermgr.exe'
- '\wlanext.exe'
- '\WUDFHost.exe'
condition: selection
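Review bot: A misspelled name in this list fails silently. `'\wergmgr.exe'` does not correspond to the `wermgr` process the commit message names, and with `condition: selection` nothing else in the rule compensates, so that entry had no effect until this fix. It would be worth checking the rest of the list against the real binary names in the same pass (only `\taskhostw.exe`, `\unsecapp.exe`, `\WerFault.exe`, `\wlanext.exe` and `\WUDFHost.exe` are visible in this hunk's context). Attaching a sample event with a `wermgr.exe` parent to the PR would also confirm the corrected entry by an actual match rather than by inspection.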