From 3746bcce1a6eaf724428eb58e6a2592ff6d9b600 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Tue, 17 Oct 2023 15:29:16 +0200
Subject: [PATCH] fix: FP with CVE folder in Aurora sigma rule sub folders
---
 iocs/filename-iocs.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iocs/filename-iocs.txt b/iocs/filename-iocs.txt
index 7274e252..de3c043c 100644
--- a/iocs/filename-iocs.txt
+++ b/iocs/filename-iocs.txt
@@ -3903,7 +3903,7 @@ linpeas\.log;75
 \\passav\.exe;65

 # Exploit Code File Names
-\\(cve|CVE)-20[012][0-9]\-[0-9]{4,5}.{0,20}($|\\);60;(\\share\\doc|\\Microsoft\\Windows Defender Advanced Threat Protection\\|/\.cpanm/work/| \.\.\.\.\. ok|\\sigma\\|\\(cve|CVE)-20[012][0-9]\-[0-9]{4,5}\\n )
+\\(cve|CVE)-20[012][0-9]\-[0-9]{4,5}.{0,20}($|\\);60;(\\share\\doc|\\Microsoft\\Windows Defender Advanced Threat Protection\\|/\.cpanm/work/| \.\.\.\.\. ok|\\sigma\\|\\(cve|CVE)-20[012][0-9]\-[0-9]{4,5}\\n | MFSA |emerging-threats)
 \\(cve|CVE)-20[012][0-9]\-[0-9]{4,5}.{0,20}(\.py|\.exe|\.vbs|\.bat|\.ps1|\.dll);75;(\\share\\doc|CVE\-2017\-9800\-pre\-commit)

 # Possible Service Path Escalation Attempt http://www.commonexploits.com/unquoted-service-paths/ or simple malware
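Review bot: The new `emerging-threats` alternative in the false-positive group of the score-60 rule is an unanchored substring, so any path containing that text anywhere stops raising the CVE-folder indicator, not only the Aurora sigma rule sub folders named in the subject. The neighbouring `\\sigma\\` alternative is bounded by path separators; writing the new one the same way, e.g. `|\\[^\\]*emerging-threats\\`, would limit the exclusion to a directory component (the exact folder name should be confirmed against the Aurora layout, which is not shown here). The ` MFSA ` alternative is not explained by the commit message. A `#` comment above the rule saying which product or output each exclusion covers would let later reviewers judge whether it can be narrowed.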