From c19a2e3cf81c18555316efd138344d739127350e Mon Sep 17 00:00:00 2001 From: securepeacock <92804416+securepeacock@users.noreply.github.com> Date: Wed, 28 Dec 2022 21:24:57 -0500 Subject: [PATCH] Update Remote.yml with Sigma (#227) * Update Remote.yml * Update acknowledgement Co-authored-by: bohops --- yml/OtherMSBinaries/Remote.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/yml/OtherMSBinaries/Remote.yml b/yml/OtherMSBinaries/Remote.yml index cb0d65d..cfb96e4 100644 --- a/yml/OtherMSBinaries/Remote.yml +++ b/yml/OtherMSBinaries/Remote.yml @@ -32,6 +32,7 @@ Code_Sample: - Code: Detection: - IOC: remote.exe process spawns + - Sigma: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_lolbin_remote.yml Resources: - Link: https://blog.thecybersecuritytutor.com/Exeuction-AWL-Bypass-Remote-exe-LOLBin/ Acknowledgement:
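Review bot: The new `- Sigma:` entry under `Detection:` links to `blob/master`, a moving branch reference, so the URL will break or resolve to different content if SigmaHQ renames or relocates `proc_creation_win_lolbin_remote.yml`. Consider linking to a commit-pinned permalink of the rule instead, so the detection reference stays stable for readers. Separately, the commit message lists "Update acknowledgement", but the diffstat shows one insertion and `Acknowledgement:` appears only as unchanged trailing context. Either the acknowledgement change is missing from this patch or that item should be dropped from the message.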