From 524ea4bfeba9cb1a7901bc16cb113f23089539b5 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Mon, 25 Jul 2022 11:12:00 +0100
Subject: [PATCH] Fix typo

---
 rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml b/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml
index 982df5302..0a263546e 100644
--- a/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml
+++ b/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml
@@ -7,12 +7,14 @@ references:
     - https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC
     - https://twitter.com/wdormann/status/1547583317410607110
 date: 2022/07/17
+modified: 2022/07/25
 logsource:
     product: windows
     category: image_load
 detection:
     selection:
         Image: C:\Windows\SysWOW64\iscsicpl.exe
+        ImageLoaded|endswith: '\iscsiexe.dll'
     filter:
         ImageLoaded|contains|all:
             - 'C:\Windows\'