From acfe0633e27481c3abd6640b6afded250dc26cb8 Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 16:18:38 -0300
Subject: [PATCH] Update win_mal_ursnif.yml

---
 rules/windows/malware/win_mal_ursnif.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/malware/win_mal_ursnif.yml b/rules/windows/malware/win_mal_ursnif.yml
index 902d85ae3..cf696cf73 100644
--- a/rules/windows/malware/win_mal_ursnif.yml
+++ b/rules/windows/malware/win_mal_ursnif.yml
@@ -16,7 +16,7 @@ logsource:
 detection:
     selection:
         EventID: 13
-        TargetObject: '*\Software\AppDataLow\Software\Microsoft\\*'
+        TargetObject|contains: '\Software\AppDataLow\Software\Microsoft\\'
     condition: selection
 falsepositives:
     - Unknown