main/Windows Sysinternals Sigcheck/100060-win_sigcheck_rules.xml

<group name="windows,">
<rule id="100060" level="10">
  <decoded_as>json</decoded_as>
  <field name="Path">\.+</field>
  <field name="Verified">\.+</field>
  <description>Windows Sigcheck - VirusTotal Hit</description>
  <mitre>
   <id>T1036</id>
  </mitre>
  <options>no_full_log</options>
  <group>windows_sigcheck,</group>
</rule>
<rule id="100061" level="12">
  <if_sid>100060</if_sid>
  <field name="VTdetection">^\d\d\|</field>
  <description>Windows Sigcheck - VirusTotal Hit Above 10 Matches</description>
  <mitre>
   <id>T1036</id>
  </mitre>
  <options>no_full_log</options>
  <group>windows_sigcheck,</group>
</rule>
</group>