From 1a85bc5b5a88253a35e63e23cf603090d93d59c4 Mon Sep 17 00:00:00 2001
From: Fukusuke Takahashi <41001169+fukusuket@users.noreply.github.com>
Date: Tue, 16 Apr 2024 00:01:15 +0900
Subject: [PATCH] Merge PR #4799 from @fukusuket - Fix typo in selection name

chore: fix typo in selection name
---
 .../registry/registry_set/registry_set_servicedll_hijack.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/registry/registry_set/registry_set_servicedll_hijack.yml b/rules/windows/registry/registry_set/registry_set_servicedll_hijack.yml
index 146dfd3c7bc..785781e7a26 100644
--- a/rules/windows/registry/registry_set/registry_set_servicedll_hijack.yml
+++ b/rules/windows/registry/registry_set/registry_set_servicedll_hijack.yml
@@ -9,7 +9,7 @@ references:
 - https://www.hexacorn.com/blog/2013/09/19/beyond-good-ol-run-key-part-4/
 author: frack113
 date: 2022/02/04
-modified: 2024/03/26
+modified: 2024/04/03
 tags:
 - attack.persistence
 - attack.privilege_escalation
@@ -32,7 +32,7 @@ detection:
 Details: '%%systemroot%%\system32\ntdsa.dll'
 filter_main_poqexec:
 Image: 'C:\Windows\System32\poqexec.exe'
- filter_optional_safetica\:
+ filter_optional_safetica:
 Image|endswith: '\regsvr32.exe'
 Details: 'C:\Windows\System32\STAgent.dll'
 condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
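Review bot: The renamed `filter_optional_safetica` exclusion in the second hunk is looser than the `filter_main_poqexec` one beside it, because it matches the process with `Image|endswith: '\regsvr32.exe'` while poqexec is pinned to a full path. Any binary whose file name is regsvr32.exe, in any directory, therefore satisfies the image half of the exclusion and suppresses the alert whenever the ServiceDll value equals the STAgent.dll path. Consider anchoring it the same way, e.g. `Image: 'C:\Windows\System32\regsvr32.exe'`, adding the SysWOW64 path only if the Safetica installer is confirmed to use the 32-bit binary. A short comment above the filter, such as `# Safetica agent registers STAgent.dll as a ServiceDll via regsvr32 - optional, environment specific`, would also help whoever tunes the rule. The `detection:` block starts outside this hunk, so the selection it narrows is not visible here.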