added event type & changed technique

rules/windows/registry_event/sysmon_comhijack_sdclt.yml

@@ -2,6 +2,8 @@ title: COM Hijack via Sdclt
 id: 07743f65-7ec9-404a-a519-913db7118a8d
 status: experimental
 description: Detects changes to 'HKCU\Software\Classes\Folder\shell\open\command\DelegateExecute'
+author: Omkar Gudhate
+date: 2020/09/27
 references:
     - http://blog.sevagas.com/?Yet-another-sdclt-UAC-bypass
     - https://www.exploit-db.com/exploits/47696
@@ -9,8 +11,6 @@ tags:
     - attack.privilege_escalation
     - attack.t1546
     - attack.t1548
-author: Omkar Gudhate
-date: 2020/09/27
 logsource:
     category: registry_event
     product: windows
@@ -18,7 +18,8 @@ detection:
     selection:
         TargetObject:
             - 'HKCU\Software\Classes\Folder\shell\open\command\DelegateExecute'
-            - 'HKCU\Software\Classes\Folder\shell\open\command'
+        EventType:
+            - SetValue
     condition: selection
 falsepositives:
     - unknown