putting quotes around strings with special chars

2024-12-25 22:39:27 +01:00 · 2021-03-09 15:04:09 +01:00 · 2021-03-09 15:04:09 +01:00 · 29acd82968
commit 29acd82968
parent ff9f5cff3d
2 changed files with 6 additions and 6 deletions
--- a/yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml
+++ b/yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml
@ -21,7 +21,7 @@ Detection:
 Resources:
 - Link: https://bartblaze.blogspot.com/2019/03/run-applications-and-scripts-using.html
 - Link: https://twitter.com/bartblaze/status/1107390776147881984
- Acknowledgement:
+Acknowledgement:
  - Person: Bart
-    Handle: @bartblaze
+    Handle: '@bartblaze'
 ---
--- a/yml/LOLUtilz/OtherBinaries/aswrundll.yml
+++ b/yml/LOLUtilz/OtherBinaries/aswrundll.yml
@ -3,18 +3,18 @@ Description: This process is used by AVAST antivirus to run and execute any modu
 Author: Eli Salem
 Created: 19\03\2019
 Commands:
-  - Command: "C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" 
+  - Command: '"C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"'
    Description: Load and execute modules using aswrundll
    Usecase: Execute malicious modules using aswrundll.exe
    Category: Execute
    Privileges: Any
    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
 Full_Path:
- Path: C:\Program Files\Avast Software\Avast\aswrundll
+- Path: 'C:\Program Files\Avast Software\Avast\aswrundll'
 Code_Sample: 
- Code: ["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]
+- Code: '["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]'
 Resources:
 - Link: https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
- Acknowledgement:
+Acknowledgement:
  - Person: Eli Salem 
    handle: https://www.linkedin.com/in/eli-salem-954728150