fix some typo error

stbe · Jul 12, 2021 · af140eb · af140eb
1 parent 99b0d32
commit af140eb
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/rules/windows/malware/av_printernightmare_cve_2021_34527.yml b/rules/windows/malware/av_printernightmare_cve_2021_34527.yml
@@ -8,7 +8,7 @@ references:
     - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
 author: Sittikorn S, Nuttakorn T
 date: 2021/07/01
-tag:
+tags:
     - attack.privilege_escalation
     - attack.t1055
 logsource:

diff --git a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml
@@ -1,7 +1,7 @@
 title: Suspicious Netsh DLL Persistence
 id: 56321594-9087-49d9-bf10-524fe8479452
 description: Detects persitence via netsh helper
-status: testing
+status: test
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1128/T1128.md
 tags:

diff --git a/rules/windows/sysmon/sysmon_abusing_windows_telemetry_for_persistence.yml b/rules/windows/sysmon/sysmon_abusing_windows_telemetry_for_persistence.yml
@@ -1,7 +1,7 @@
 action: global
 title: Abusing Windows Telemetry For Persistence
 id: 4e8d5fd3-c959-441f-a941-f73d0cdcdca5
-status: Experimental
+status: experimental
 description: Windows telemetry makes use of the binary CompatTelRunner.exe to run a variety of commands and perform the actual telemetry collections. This binary was created to be easily extensible, and to that end, it relies on the registry to instruct on which commands to run. The problem is, it will run any arbitrary command without restriction of location or type.
 references:
     - https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/