From 7acd83194e6b9a9e94a4640fb99e0d2497a9c607 Mon Sep 17 00:00:00 2001
From: mr-tz <moritz.raabe@mandiant.com>
Date: Fri, 25 Oct 2024 08:28:16 +0000
Subject: [PATCH] tighten scopes

---
 .../encryption/create-new-key-via-cryptacquirecontext.yml     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data-manipulation/encryption/create-new-key-via-cryptacquirecontext.yml b/data-manipulation/encryption/create-new-key-via-cryptacquirecontext.yml
index 15aeabe4..63027a31 100644
--- a/data-manipulation/encryption/create-new-key-via-cryptacquirecontext.yml
+++ b/data-manipulation/encryption/create-new-key-via-cryptacquirecontext.yml
@@ -5,8 +5,8 @@ rule:
     authors:
       - chuong.dong@mandiant.com
     scopes:
-      static: function
-      dynamic: thread
+      static: basic block
+      dynamic: call
     att&ck:
       - Defense Evasion::Obfuscated Files or Information [T1027]
     mbc: