update title and filename to fit the logic

ionsor · Oct 6, 2024 · e98b4dd · e98b4dd
1 parent 2d8a4dd
commit e98b4dd
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/...creation_win_susp_office_token_search.yml → ...oc_creation_win_susp_jwt_token_search.yml b/...creation_win_susp_office_token_search.yml → ...oc_creation_win_susp_jwt_token_search.yml
@@ -1,9 +1,9 @@
-title: Potentially Suspicious Office Token Search Via CLI
+title: Potentially Suspicious JWT Token Search Via CLI
 id: 6d3a3952-6530-44a3-8554-cf17c116c615
 status: test
 description: |
-    Detects possible search for office tokens via CLI by looking for the string "eyJ0eX".
-    This string is used as an anchor to look for the start of the JWT token used by office and similar apps.
+    Detects possible search for JWT tokens via CLI by looking for the string "eyJ0eX" or "eyJhbG".
+    This string is used as an anchor to look for the start of the JWT token used by microsoft office and similar apps.
 references:
     - https://mrd0x.com/stealing-tokens-from-office-applications/
 author: Nasreddine Bencherchali (Nextron Systems)