diff --git a/rules/windows/malware/win_mal_octopus_scanner.yml b/rules/windows/malware/win_mal_octopus_scanner.yml
index 0b36c703..a76955be 100644
--- a/rules/windows/malware/win_mal_octopus_scanner.yml
+++ b/rules/windows/malware/win_mal_octopus_scanner.yml
@@ -13,12 +13,11 @@ logsource:
   product: windows
   category: file_event
 detection:
-  filecreate:
   selection:
     TargetFilename|endswith:
       - '\AppData\Local\Microsoft\Cache134.dat'
       - '\AppData\Local\Microsoft\ExplorerSync.db'
-  condition: filecreate and selection
+  condition: selection
 falsepositives:
   - Unknown
 level: high