From 1f9bbe2878f3261b24ac728e1082614052bd91ea Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Fri, 1 Nov 2024 12:36:41 +0100
Subject: [PATCH] fix: duplicate filename IOC

---
 iocs/filename-iocs.txt           | 1 -
 yara/apt_nobellium_rdp_phish.yar | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocs/filename-iocs.txt b/iocs/filename-iocs.txt
index 6b8c593d..3e9e1c71 100644
--- a/iocs/filename-iocs.txt
+++ b/iocs/filename-iocs.txt
@@ -359,7 +359,6 @@ Temp\\dllhost\.exe;80
 Temp\\sechost\.exe;80
 AppData\\chkdbg.log;60
 AppData\\svchost\.exe;80
-temp\\svchost\.exe;80
 AppData\\conhost\.dll;80
 Temp\\conhost\.dll;80
 
diff --git a/yara/apt_nobellium_rdp_phish.yar b/yara/apt_nobellium_rdp_phish.yar
index 00ec1950..4a3bbb4c 100644
--- a/yara/apt_nobellium_rdp_phish.yar
+++ b/yara/apt_nobellium_rdp_phish.yar
@@ -21,3 +21,4 @@ rule SUSP_RDP_File_Indicators_Oct24_1 {
       filesize < 50KB
       and all of them
 }
+