From b52200eb89d6e19e67570c7f11c129d5b35fe0ce Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sat, 17 Jun 2023 21:30:00 +0200
Subject: [PATCH] Add sigma and remove ampty string (#297)

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
---
 yml/OSBinaries/Ldifde.yml | 11 +++-------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/yml/OSBinaries/Ldifde.yml b/yml/OSBinaries/Ldifde.yml
index cfc974e..9cc707d 100644
--- a/yml/OSBinaries/Ldifde.yml
+++ b/yml/OSBinaries/Ldifde.yml
@@ -14,15 +14,10 @@ Commands:
 Full_Path:
   - Path: c:\windows\system32\ldifde.exe
   - Path: c:\windows\syswow64\ldifde.exe
-Code_Sample:
-  - Code:
 Detection:
-  - IOC:
-  - Analysis:
-  - Sigma:
-  - Elastic:
-  - Splunk:
-  - BlockRule:
+  - Sigma: https://github.com/SigmaHQ/sigma/blob/3d172914f6c2bd5c2b5ed471bf0657a662d395af/rules/windows/process_creation/proc_creation_win_ldifde_export.yml
+  - Sigma: https://github.com/SigmaHQ/sigma/blob/3d172914f6c2bd5c2b5ed471bf0657a662d395af/rules/windows/process_creation/proc_creation_win_ldifde_file_load.yml
+  - Sigma: https://github.com/SigmaHQ/sigma/blob/3d172914f6c2bd5c2b5ed471bf0657a662d395af/rules-emerging-threats/2019/TA/APT31/proc_creation_win_apt_apt31_judgement_panda.yml
 Resources:
   - Link: https://twitter.com/0gtweet/status/1564968845726580736
 Acknowledgement:
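Review bot: The three new `Sigma:` entries under `Detection` pin the upstream rules to commit `3d172914f6c2bd5c2b5ed471bf0657a662d395af`, which keeps the links stable but means later revisions or renames of those rules will not be reflected in this entry; check that this matches how other entries in the repository reference SigmaHQ rules (branch vs. pinned commit) so the file stays consistent. The third link is an APT31 emerging-threat rule rather than a generic ldifde detection, so a reader would benefit from a short note on why it is listed alongside the two process-creation rules. The hunk also drops the `Code_Sample` key entirely rather than leaving it empty; if the repository's schema or validator expects that key to be present, keep `Code_Sample:` with an empty list instead of removing it.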