From fd9fae8321f7e640c77dfc083d29e1d8afce9a96 Mon Sep 17 00:00:00 2001
From: securepeacock <92804416+securepeacock@users.noreply.github.com>
Date: Tue, 3 Oct 2023 11:04:39 +0000
Subject: [PATCH] Added Sigma to Teams.exe (#329)
---
 yml/OSBinaries/Teams.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/yml/OSBinaries/Teams.yml b/yml/OSBinaries/Teams.yml
index ff36f78..ba85b65 100644
--- a/yml/OSBinaries/Teams.yml
+++ b/yml/OSBinaries/Teams.yml
@@ -13,6 +13,8 @@ Commands:
 OperatingSystem: Windows 10, Windows 11
 Full_Path:
 - Path: c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe
+Detection:
+ - Sigma: https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_susp_electron_exeuction_proxy.yml
 Resources:
 Acknowledgement:
 - Person: mr.d0x