From 1f3e403ebef0b8ed101bf524254f9961bb499d8f Mon Sep 17 00:00:00 2001
From: Moritz
Date: Sat, 23 Sep 2023 07:08:18 +0200
Subject: [PATCH 1/2] Create add-value-to-global-atom-table.yml
---
 nursery/add-value-to-global-atom-table.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 nursery/add-value-to-global-atom-table.yml
diff --git a/nursery/add-value-to-global-atom-table.yml b/nursery/add-value-to-global-atom-table.yml
new file mode 100644
index 00000000..796b9198
--- /dev/null
+++ b/nursery/add-value-to-global-atom-table.yml
@@ -0,0 +1,13 @@
+rule:
+ meta:
+ name: add value to global atom table
+ namespace: host-interaction/process/inject
+ authors:
+ - "@mr-tz"
+ scope: function
+ references:
+ - https://www.fortinet.com/blog/threat-research/atombombing-brand-new-code-injection-technique-for-windows
+ - https://github.com/BreakingMalwareResearch/atom-bombing
+ features:
+ - and:
+ - api: GlobalAddAtom
From e6b89e2b2d958040ee438b5342362f3905aac6bb Mon Sep 17 00:00:00 2001
From: Moritz
Date: Tue, 10 Oct 2023 11:00:49 +0200
Subject: [PATCH 2/2] Update nursery/add-value-to-global-atom-table.yml
Co-authored-by: Mike Hunhoff
---
 nursery/add-value-to-global-atom-table.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/nursery/add-value-to-global-atom-table.yml b/nursery/add-value-to-global-atom-table.yml
index 796b9198..2cc527b5 100644
--- a/nursery/add-value-to-global-atom-table.yml
+++ b/nursery/add-value-to-global-atom-table.yml
@@ -10,4 +10,6 @@ rule:
 - https://github.com/BreakingMalwareResearch/atom-bombing
 features:
 - and:
+ - api: AddAtom
 - api: GlobalAddAtom
+ - api: GlobalAddAtomEx
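Review bot: After the second patch the `- and:` block requires AddAtom, GlobalAddAtom and GlobalAddAtomEx to all appear in the same function, which almost no sample will satisfy because these are alternative ways to add an atom, not steps that go together; the combinator should be `- or:` (change `- and:` to `- or:`), and this affects both hunks since the first already nests a single `api:` under `and:`. AddAtom writes to the process-local atom table rather than the global one, so it does not fit the rule name "add value to global atom table"; either drop that entry or rename the rule to cover both tables. Matching one of these API calls on its own is a weak signal for the process/inject namespace, as they are also used by ordinary GUI code, so a `description:` line under `meta:` stating that this rule is only a building block for the AtomBombing technique in the referenced links would help readers and rule consumers. The `@@ -10,4 +10,6 @@` hunk starts part-way through the rule's `meta:` block, so the earlier meta fields are outside this hunk.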