From b08f0135fc6f90c2299de83acfc62dd4c7b0394e Mon Sep 17 00:00:00 2001
From: phantinuss <79651203+phantinuss@users.noreply.github.com>
Date: Tue, 28 Nov 2023 10:48:08 +0100
Subject: [PATCH] fix: minor
---
 .../proc_creation_win_browsers_chromium_load_extension.yml | 2 +-
 .../proc_creation_win_browsers_chromium_susp_load_extension.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_browsers_chromium_load_extension.yml b/rules/windows/process_creation/proc_creation_win_browsers_chromium_load_extension.yml
index 3cbd5efb295..8319387bda8 100644
--- a/rules/windows/process_creation/proc_creation_win_browsers_chromium_load_extension.yml
+++ b/rules/windows/process_creation/proc_creation_win_browsers_chromium_load_extension.yml
@@ -4,7 +4,7 @@ related:
 - id: 27ba3207-dd30-4812-abbf-5d20c57d474e
 type: similar
 status: experimental
-description: Detects a chromium based browser process with the 'load-extension' flag to start a instance with custom extension
+description: Detects a Chromium based browser process with the 'load-extension' flag to start a instance with a custom extension
 references:
 - https://redcanary.com/blog/chromeloader/
 - https://emkc.org/s/RJjuLa
diff --git a/rules/windows/process_creation/proc_creation_win_browsers_chromium_susp_load_extension.yml b/rules/windows/process_creation/proc_creation_win_browsers_chromium_susp_load_extension.yml
index c3999711930..3fbed6e5eaf 100644
--- a/rules/windows/process_creation/proc_creation_win_browsers_chromium_susp_load_extension.yml
+++ b/rules/windows/process_creation/proc_creation_win_browsers_chromium_susp_load_extension.yml
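Review bot: The added `description` in proc_creation_win_browsers_chromium_load_extension.yml still reads `to start a instance`, whereas the same sentence in proc_creation_win_browsers_chromium_susp_load_extension.yml is corrected to `to start an instance` by this commit. The two rules reference each other as `similar`, so their descriptions should match, e.g. `description: Detects a Chromium based browser process with the 'load-extension' flag to start an instance with a custom extension`. Only lines 4-10 of the rule are visible in the hunk, so the rest of the rule is not reviewed here.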
@@ -4,7 +4,7 @@ related:
 - id: 88d6e60c-759d-4ac1-a447-c0f1466c2d21
 type: similar
 status: experimental
-description: Detects a suspicious process spawning a Chromium based browser process with the 'load-extension' flag to start a instance with custom extension
+description: Detects a suspicious process spawning a Chromium based browser process with the 'load-extension' flag to start an instance with a custom extension
 references:
 - https://redcanary.com/blog/chromeloader/
 - https://emkc.org/s/RJjuLa