From 9fd203e2a36e019d9ffae53c856b5fcaf13ae71f Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Tue, 27 Oct 2020 22:07:45 -0300
Subject: [PATCH] Update mal_azorult_reg.yml

---
 rules/windows/malware/mal_azorult_reg.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/malware/mal_azorult_reg.yml b/rules/windows/malware/mal_azorult_reg.yml
index db5a39521..0fc7cad61 100644
--- a/rules/windows/malware/mal_azorult_reg.yml
+++ b/rules/windows/malware/mal_azorult_reg.yml
@@ -17,7 +17,7 @@ detection:
     EventID:
       - 12
       - 13
-    TargetObject|startswith:
+    TargetObject|endswith:
       - 'SYSTEM\\*\services\localNETService'
   condition: selection
 fields: