diff --git a/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml b/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml
deleted file mode 100644
index 5e00849c5..000000000
--- a/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-title: Monitoring Wuauclt.exe For Lolbas Execution Of DLL
-id: ba1bb0cb-73da-42de-ad3a-de10c643a5d0
-status: experimental
-description: Adversaries can abuse wuauclt.exe (Windows Update client) to run code execution by specifying an arbitrary DLL.
-references:
- - https://dtm.uk/wuauclt/
-author: Sreeman
-date: 2020/10/29
-modified: 2022/03/07
-logsource:
- product: windows
- category: process_creation
-detection:
- selection:
- CommandLine|contains|all:
- - 'wuauclt.exe'
- - '/UpdateDeploymentProvider'
- - '/Runhandlercomserver'
- filter:
- CommandLine|contains:
- - 'wuaueng.dll'
- - 'UpdateDeploymentProvider.dll /ClassId'
- condition: selection and not filter
-falsepositives:
- - Wuaueng.dll which is a module belonging to Microsoft Windows Update.
-fields:
- - CommandLine
-level: medium
-tags:
- - attack.defense_evasion
- - attack.execution
- - attack.t1218
diff --git a/rules/windows/process_creation/proc_creation_win_proxy_execution_wuauclt.yml b/rules/windows/process_creation/proc_creation_win_proxy_execution_wuauclt.yml
index 1a7de3abc..e2d127812 100644
--- a/rules/windows/process_creation/proc_creation_win_proxy_execution_wuauclt.yml
+++ b/rules/windows/process_creation/proc_creation_win_proxy_execution_wuauclt.yml
@@ -1,13 +1,19 @@
 title: Proxy Execution via Wuauclt
 id: af77cf95-c469-471c-b6a0-946c685c4798
 description: Detects the use of the Windows Update Client binary (wuauclt.exe) to proxy execute code.
+related:
+ - id: ba1bb0cb-73da-42de-ad3a-de10c643a5d0
+ type: obsoletes
+ - id: d7825193-b70a-48a4-b992-8b5b3015cc11
+ type: obsoletes
 status: experimental
 date: 2020/10/12
 modified: 2021/05/10
-author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Florian Roth
+author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Florian Roth, Sreeman, FPT.EagleEye Team
 tags:
 - attack.defense_evasion
 - attack.t1218
+ - attack.execution
 references:
 - https://dtm.uk/wuauclt/
 - https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
@@ -19,12 +25,12 @@ detection:
 - Image|contains: wuauclt
 - OriginalFileName: wuauclt.exe
 selection_two:
- CommandLine|contains|all:
+ CommandLine|contains|all:
 - 'UpdateDeploymentProvider'
 - '.dll'
 - 'RunHandlerComServer'
 filter:
- CommandLine|contains:
+ CommandLine|contains:
 - ' /UpdateDeploymentProvider UpdateDeploymentProvider.dll '
 - ' wuaueng.dll '
 condition: selection_one and selection_two and not filter
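Review bot: `modified: 2021/05/10` is left as a context line in the first hunk while the rule gains a `related` block, new authors and a new tag, so the rule's modification date no longer reflects this edit; bump it alongside the metadata change, e.g. `modified: <COMMIT_DATE>` (placeholder, use the actual commit date in the YYYY/MM/DD form the file already uses). The obsoleted rule ba1bb0cb-73da-42de-ad3a-de10c643a5d0 excluded `'UpdateDeploymentProvider.dll /ClassId'` in its filter, whereas the surviving filter keys on the space-padded `' /UpdateDeploymentProvider UpdateDeploymentProvider.dll '`, so it is worth confirming the benign `/ClassId` invocation is still excluded after the merge, otherwise the consolidated rule may raise more false positives than the rule it replaces. The second `related` entry, d7825193-b70a-48a4-b992-8b5b3015cc11, points to a rule whose removal is not visible in this diff; presumably it is deleted elsewhere in the same commit, which should be verified so the obsoletes link does not dangle. The second hunk only re-indents the two `CommandLine` lines and needs no further change.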