diff --git a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml
index ce5e14cc3..bf8fcd819 100644
--- a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml
+++ b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml
@@ -8,7 +8,7 @@ tags:
 - attack.defense_evasion
 - attack.t1036 # an old one
 - attack.t1036.005
-author: Trent Liffick (@tliffick)
+author: Trent Liffick (@tliffick), Bartlomiej Czyz (@bczyz1)
 date: 2020/06/03
 logsource:
 category: process_creation
@@ -16,7 +16,7 @@ logsource:
 detection:
 selection:
 Image:
- - '*\mstdc.exe'
+ - '*\msdtc.exe'
 - '*\gpvc.exe'
 filter:
 Image:
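Review bot: With the corrected `'*\msdtc.exe'` entry under `selection.Image`, the rule matches the file name of the legitimate Microsoft Distributed Transaction Coordinator for the first time, so false-positive control now rests entirely on the `filter` block, whose path list continues outside this hunk. It is worth confirming that the filter covers every directory the genuine binary runs from on the monitored hosts, and stating that dependency in the rule, e.g. `# msdtc.exe is also the name of the legitimate Distributed Transaction Coordinator; alerts rely on the path filter below`. Because the old pattern could never match that name, this one-character fix is effectively a detection-logic change. A `modified: <YYYY/MM/DD of this change>` line next to `date:` would let rule consumers notice it; none is visible in the first hunk's context.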