Update image_load_malware_raspberry_robin_side_load_aclui_oleview.yml

swachchhanda000 · Aug 1, 2024 · a3be253 · a3be253
1 parent 083907f
commit a3be253
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...24/Malware/Raspberry-Robin/image_load_malware_raspberry_robin_side_load_aclui_oleview.yml b/...24/Malware/Raspberry-Robin/image_load_malware_raspberry_robin_side_load_aclui_oleview.yml
@@ -25,7 +25,7 @@ detection:
         Image|endswith: '\OleView.exe'
         ImageLoaded|endswith: '\aclui.dll'
     filter_main_legit_oleview_paths:
-        Image|contains:
+        Image|startswith:
             - 'C:\Program Files (x86)\Windows Kits\'
             - 'C:\Program Files\Microsoft SDKs\'
     filter_optional_known_oleview_paths: