Merge pull request #1272 from bczyz1/patch-2

Fix typo in win_apt_lazarus_session_hijack.yml

rules/windows/process_creation/win_apt_lazarus_session_highjack.yml

@@ -8,7 +8,7 @@ tags:
     - attack.defense_evasion
     - attack.t1036 # an old one
     - attack.t1036.005
-author: Trent Liffick (@tliffick)
+author: Trent Liffick (@tliffick), Bartlomiej Czyz (@bczyz1)
 date: 2020/06/03
 logsource:
     category: process_creation
@@ -16,7 +16,7 @@ logsource:
 detection:
     selection:
         Image: 
-            - '*\mstdc.exe'
+            - '*\msdtc.exe'
             - '*\gpvc.exe'
     filter:
         Image: