Sigma Rule Update (2023-08-15 20:07:09) (#478)

Co-authored-by: hach1yon <[email protected]>
Yamato-Security · Aug 15, 2023 · ac910f2 · ac910f2
1 parent 9521073
commit ac910f2
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/...in/emerging-threats/2021/Malware/Pingback/proc_creation_win_malware_pingback_backdoor.yml b/...in/emerging-threats/2021/Malware/Pingback/proc_creation_win_malware_pingback_backdoor.yml
@@ -3,7 +3,7 @@ id: b2400ffb-7680-47c0-b08a-098a7de7e7a9
 related:
     -   id: 35a7dc42-bc6f-46e0-9f83-81f8e56c8d4b
         type: similar
-    -   id: 2bd63d53-84d4-4210-80ff-bf0658f1bf789
+    -   id: 2bd63d53-84d4-4210-80ff-bf0658f1bf78
         type: similar
 status: test
 description: Detects the use of Pingback backdoor that creates ICMP tunnel for C2

diff --git a/...on/emerging-threats/2021/Malware/Pingback/proc_creation_win_malware_pingback_backdoor.yml b/...on/emerging-threats/2021/Malware/Pingback/proc_creation_win_malware_pingback_backdoor.yml
@@ -3,7 +3,7 @@ id: b2400ffb-7680-47c0-b08a-098a7de7e7a9
 related:
     -   id: 35a7dc42-bc6f-46e0-9f83-81f8e56c8d4b
         type: similar
-    -   id: 2bd63d53-84d4-4210-80ff-bf0658f1bf789
+    -   id: 2bd63d53-84d4-4210-80ff-bf0658f1bf78
         type: similar
 status: test
 description: Detects the use of Pingback backdoor that creates ICMP tunnel for C2

diff --git a/sigma/sysmon/file/file_event/file_event_win_winrm_awl_bypass.yml b/sigma/sysmon/file/file_event/file_event_win_winrm_awl_bypass.yml
@@ -1,7 +1,7 @@
 title: AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File
 id: d353dac0-1b41-46c2-820c-d7d2561fc6ed
 related:
-    -   id: 074e0ded-6ced-4ebd-8b4d-53f55908119
+    -   id: 074e0ded-6ced-4ebd-8b4d-53f55908119d
         type: derived
 status: test
 description: Detects execution of attacker-controlled WsmPty.xsl or WsmTxt.xsl via