diff --git a/rules/windows/powershell/powershell_script/posh_ps_shellcode_b64.yml b/rules/windows/powershell/powershell_script/posh_ps_shellcode_b64.yml
index 91f9e597e..c0726ebd3 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_shellcode_b64.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_shellcode_b64.yml
@@ -6,7 +6,7 @@ references:
     - https://twitter.com/cyb3rops/status/1063072865992523776
 author: David Ledbetter (shellcode), Florian Roth (Nextron Systems)
 date: 2018/11/17
-modified: 2022/12/25
+modified: 2024/01/25
 tags:
     - attack.defense_evasion
     - attack.privilege_escalation
@@ -19,12 +19,10 @@ logsource:
     definition: 'Requirements: Script Block Logging must be enabled'
 detection:
     selection:
-        ScriptBlockText|contains: 'AAAAYInlM'
-    selection2:
         ScriptBlockText|contains:
             - 'OiCAAAAYInlM'
             - 'OiJAAAAYInlM'
-    condition: selection and selection2
+    condition: selection
 falsepositives:
     - Unknown
 level: high
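Review bot: The simplified `condition: selection` in the second hunk is behaviour-preserving only because both remaining patterns, `'OiCAAAAYInlM'` and `'OiJAAAAYInlM'`, embed the dropped `'AAAAYInlM'` substring, and nothing in the rule records that dependency. A later edit that trims or replaces either pattern could silently widen or narrow the match without anyone noticing the old two-selection intent. Consider an inline comment above the list, e.g. `# each pattern already contains the former 'AAAAYInlM' selection, so one selection suffices`. The rule's `description` field, where this could otherwise be explained, sits outside the hunk.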