From 6fb4bd73b7eea485a717d19df25eb76587d02573 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 29 Jul 2021 18:18:18 +0200 Subject: [PATCH] fix: bug in filename IOC regex --- iocs/filename-iocs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocs/filename-iocs.txt b/iocs/filename-iocs.txt index 3e192196..4e0375bf 100644 --- a/iocs/filename-iocs.txt +++ b/iocs/filename-iocs.txt @@ -3694,7 +3694,7 @@ _BloodHound\.zip;90 \\ntlmrelayx;80 # PlugX THOR Filename IOCs https://unit42.paloaltonetworks.com/thor-plugx-variant/ -C:\\ProgramData\\MSDN\\6\.0\NTUSER\.DAT;80 +C:\\ProgramData\\MSDN\\6\.0\\NTUSER\.DAT;80 # TA456 targeting defence contractors https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media \\AppData\\Perflog\\Schedule\.vbs;90