From d074ea110f5f377c5e724f543bbdd37db3a30829 Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 17:27:42 -0300
Subject: [PATCH] Update win_apt_dragonfly.yml

---
 rules/windows/process_creation/win_apt_dragonfly.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/win_apt_dragonfly.yml b/rules/windows/process_creation/win_apt_dragonfly.yml
index 4c1593865..78c99ce92 100755
--- a/rules/windows/process_creation/win_apt_dragonfly.yml
+++ b/rules/windows/process_creation/win_apt_dragonfly.yml
@@ -13,8 +13,8 @@ logsource:
     product: windows
 detection:
     selection:
-        Image:
-            - '*\crackmapexec.exe'
+        Image|endswith:
+            - '\crackmapexec.exe'
     condition: selection
 falsepositives:
     - None