Update WannaCry Ransomware Activity

Update https://github.com/SigmaHQ/sigma/blob/master/rules-emerging-threats/2017/Malware/WannaCry/proc_creation_win_malware_wannacry.yml to remove the following section

```yml
- CommandLine|contains|all:
              - 'icacls'
              - '/grant'
              - 'Everyone:F'
              - '/T'
              - '/C'
              - '/Q'
        - CommandLine|contains|all:
              - 'bcdedit'
              - '/set'
              - '{default}'
              - 'recoveryenabled'
              - 'no'
        - CommandLine|contains|all:
              - 'wbadmin'
              - 'delete'
              - 'catalog'
              - '-quiet'
```

This section isn't specific to WannaCry and we already have generic coverage for it. See https://x.com/nas_bench/status/1868639048484425963

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update WannaCry Ransomware Activity #5131

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Update WannaCry Ransomware Activity #5131

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions