Commit

Typo fix in detection
Swachchhanda Shrawan Poudel authored and Swachchhanda Shrawan Poudel committed Mar 12, 2024
1 parent d145f9a commit 5b50dc0
Showing 1 changed file with 4 additions and 4 deletions.
Expand Up @@ -24,18 +24,18 @@ detection:
- '\Windows\Temp\'
- '\Users\Public\'
- Image|endswith: '\control.exe'
selection_registry_object:
selection_suspicious_registry_object:
TargetObject|contains: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\'
selection_enable:
selection_registry_enable:
TargetObject|endswith:
- 'ProxyBypass'
- 'IntranetName'
- 'UNCAsIntranet'
Details|contains: 'DWORD (0x00000001)'
selection_disable:
selection_registry_disable:
TargetObject|endswith: 'AutoDetect'
Details|contains: 'DWORD (0x00000000)'
condition: 1 of selection_*
condition: (all of selection_suspicious_*) and 1 of selection_registry_*
falsepositives:
- Unknown
# Note: can be upgraded to medium after an initial baseline
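Review bot: The new `condition` line selects blocks by name prefix, and the selection that ends at `Image|endswith: '\control.exe'` sits above this hunk with its key not shown, so confirm that its key starts with `selection_suspicious_`. If it does not, the process and path filters in it are no longer referenced by the condition at all, whereas the old `1 of selection_*` matched any key carrying the `selection_` prefix. The same line also changes the logic from any single selection matching to requiring every `selection_suspicious_*` block plus one of `selection_registry_enable` or `selection_registry_disable`, which is more than the commit title "Typo fix in detection" suggests; stating the narrowing in the commit message would help anyone tracking this rule's alert volume or comparing results before and after the change.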