Update win_system_susp_service_installation_folder_pattern.yml

frack113 · Feb 26, 2024 · 92cc251 · 92cc251
1 parent 6236330
commit 92cc251
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...in/system/service_control_manager/win_system_susp_service_installation_folder_pattern.yml b/...in/system/service_control_manager/win_system_susp_service_installation_folder_pattern.yml
@@ -19,7 +19,7 @@ detection:
     selection_eid:
         Provider_Name: 'Service Control Manager'
         EventID: 7045
-    suspicious_path:
+    selection_img_paths:
         - ImagePath|re: '^[Cc]:\\[Pp]rogram[Dd]ata\\.{1,9}\.exe'
         - ImagePath|re: '^[Cc]:\\.{1,9}\.exe'
     condition: all of selection_*