specified that app armore is specific to linux

2021-06-21 18:06:58 -04:00 · 2021-06-21 18:06:58 -04:00 · e8a240c96b
--- a/Campaigns/Sysrv-botnet/app-armor-stopped.md
+++ b/Campaigns/Sysrv-botnet/app-armor-stopped.md
@ -4,7 +4,7 @@ This query was originally published in the threat analytics report, *Sysrv botne

 Sysrv is a Go-based botnet that targets both Windows and Linux servers, and steals resources to mine cryptocurrency.

-The following query finds instances of the attacker attempting to stop the AppArmor network security service.
+The following query finds instances of the attacker attempting to stop the AppArmor network security service on devices running Linux.

 ## Query

--- a/Campaigns/Sysrv-botnet/java-executing-cmd-to-run-powershell.md
+++ b/Campaigns/Sysrv-botnet/java-executing-cmd-to-run-powershell.md
@ -4,7 +4,7 @@ This query was originally published in the threat analytics report, *Sysrv botne

 Sysrv is a Go-based botnet that targets both Windows and Linux servers, and steals resources to mine cryptocurrency.

-The following query finds instances of the Java process being used to execute cmd.exe and download and execute a PowerShell script. 
+The following query finds instances of the Java process being used to execute cmd.exe, and download and execute a PowerShell script.

 ## Query