diff --git a/rules/windows/sysmon/sysmon_win_binary_susp_com.yml b/rules/windows/sysmon/sysmon_win_binary_susp_com.yml
index fc4e7daee..12f0fbc85 100644
--- a/rules/windows/sysmon/sysmon_win_binary_susp_com.yml
+++ b/rules/windows/sysmon/sysmon_win_binary_susp_com.yml
@@ -18,6 +18,7 @@ detection:
 DestinationHostname:
 - '*dl.dropboxusercontent.com'
 - '*.pastebin.com'
+ - '*.githubusercontent.com' # includes both gists and github repositories
 Image: 'C:\Windows\\*'
 condition: selection
 falsepositives:
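Review bot: The new `'*.githubusercontent.com'` entry matches every subdomain, not only the gist and raw-repository hosts the inline comment names; GitHub release assets are also served from `objects.githubusercontent.com`, so signed Windows-directory binaries (for example PowerShell installing tooling from a public repo) will now trigger this rule far more often than the Dropbox and Pastebin entries do. The `falsepositives:` list that begins right after this hunk is not touched by the commit and should be extended to mention administrator or installer scripts fetching from GitHub, or the pattern should be narrowed to the hosts actually intended, e.g. `- 'raw.githubusercontent.com'` and `- 'gist.githubusercontent.com'`. The comment would then read `# raw.githubusercontent.com (repositories) and gist.githubusercontent.com (gists); release assets on objects.githubusercontent.com are deliberately excluded` or, if the wildcard is kept, note explicitly that release downloads are in scope. The `selection` mapping this list belongs to starts above the hunk, so any `filter` added for known-good callers would need to be reflected in the `condition` line as well.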