diff --git a/rules/windows/malware/win_mal_octopus_scanner.yml b/rules/windows/malware/win_mal_octopus_scanner.yml
index bcc4b998ae6..4e7a5888340 100644
--- a/rules/windows/malware/win_mal_octopus_scanner.yml
+++ b/rules/windows/malware/win_mal_octopus_scanner.yml
@@ -18,7 +18,7 @@ detection:
     TargetFilename|endswith:
       - '\AppData\Local\Microsoft\Cache134.dat'
       - '\AppData\Local\Microsoft\ExplorerSync.db'
-condition: filecreate and selection
+  condition: filecreate and selection
 falsepositives:
   - Unknown
 level: high
\ No newline at end of file