From 4a5b2d642e7dca3e1d99ca9ec16bc0b35b517311 Mon Sep 17 00:00:00 2001
From: bczyz1 <56651710+bczyz1@users.noreply.github.com>
Date: Tue, 3 Nov 2020 14:46:29 +0100
Subject: [PATCH] Fix typo in win_apt_lazarus_session_hijack.yml
---
 .../process_creation/win_apt_lazarus_session_highjack.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml
index ce5e14cc3..bf8fcd819 100644
--- a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml
+++ b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml
@@ -8,7 +8,7 @@ tags:
 - attack.defense_evasion
 - attack.t1036 # an old one
 - attack.t1036.005
-author: Trent Liffick (@tliffick)
+author: Trent Liffick (@tliffick), Bartlomiej Czyz (@bczyz1)
 date: 2020/06/03
 logsource:
 category: process_creation
@@ -16,7 +16,7 @@ logsource:
 detection:
 selection:
 Image:
- - '*\mstdc.exe'
+ - '*\msdtc.exe'
 - '*\gpvc.exe'
 filter:
 Image:
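Review bot: With the corrected `'*\msdtc.exe'` entry in `selection` (second hunk), the rule will start matching the genuine Windows `msdtc.exe` binary, which the misspelled `mstdc.exe` pattern presumably never did. Its false-positive rate now rests entirely on the `filter` block, whose values lie outside this hunk. Please confirm that the filter excludes the legitimate system directories, and that it anchors on the full directory path rather than a substring, so a look-alike folder name cannot satisfy the exclusion. Because the detection logic changed, I would also add `modified: 2020/11/03` next to `date` in the first hunk, so consumers can tell the rule was revised and re-baseline alert volume. The file name keeps the `highjack` spelling while the subject line refers to `..._hijack.yml`; a rename would be a separate change.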