Apply suggestions from code review

Co-authored-by: frack113 <[email protected]>
SigmaHQ · Dec 14, 2024 · 535032c · 535032c
1 parent b8fb6aa
commit 535032c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/rules/windows/file/file_event/file_event_win_creation_configuration_rats.yml b/rules/windows/file/file_event/file_event_win_creation_configuration_rats.yml
@@ -1,6 +1,6 @@
 title: File Creation Related To RAT Clients
 id: 2f3039c8-e8fe-43a9-b5cf-dcd424a2522d
-status: test
+status: experimental
 description: File .conf created related to VenomRAT, AsyncRAT and Lummac samples observed in the wild.
 references:
     - https://www.virustotal.com/gui/file/c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761

diff --git a/rules/windows/process_creation/proc_creation_win_more_vbc_lummac.yml b/rules/windows/process_creation/proc_creation_win_more_vbc_lummac.yml
@@ -1,6 +1,6 @@
 title: Detect The Execution Of More.com And Vbc.exe Related to Lummac Stealer
 id: 19b3806e-46f2-4b4c-9337-e3d8653245ea
-status: test
+status: experimental
 description: Detects the execution of more.com and vbc.exe in the process tree. This behavior was observed by a set of samples related to Lummac Stealer. The Lummac payload is injected into the vbc.exe process.
 references:
     - https://www.virustotal.com/gui/search/behaviour_processes%253A%2522C%253A%255C%255CWindows%255C%255CSysWOW64%255C%255Cmore.com%2522%2520behaviour_processes%253A%2522C%253A%255C%255CWindows%255C%255CMicrosoft.NET%255C%255CFramework%255C%255Cv4.0.30319%255C%255Cvbc.exe%2522/files