diff --git a/rules/windows/process_creation/proc_creation_win_ssh_proxy_execution.yml b/rules/windows/process_creation/proc_creation_win_ssh_proxy_execution.yml
index 521b89ba0..738fd6d36 100644
--- a/rules/windows/process_creation/proc_creation_win_ssh_proxy_execution.yml
+++ b/rules/windows/process_creation/proc_creation_win_ssh_proxy_execution.yml
@@ -10,7 +10,7 @@ references:
 - https://man.openbsd.org/ssh_config#LocalCommand
 author: frack113, Nasreddine Bencherchali
 date: 2022-12-29
-modified: 2023-01-25
+modified: 2025-07-02
 tags:
 - attack.defense-evasion
 - attack.t1218
@@ -22,7 +22,18 @@ detection:
 # ParentCommandLine: '"C:\Windows\System32\OpenSSH\sshd.exe" -R'
 ParentImage: 'C:\Windows\System32\OpenSSH\sshd.exe'
 selection_cli_img:
- Image|endswith: '\ssh.exe'
+ - Image|endswith: '\ssh.exe'
+ - Product: 'OpenSSH for Windows'
+ - Hashes|contains:
+ - 'IMPHASH=55b4964d29aad5438b9e950052dbbbc0'
+ - 'IMPHASH=334d66c33503ccbf647c15b47c27eef4'
+ - 'IMPHASH=27b0da080ef92afb37983d30d839141e'
+ - 'IMPHASH=977eb4c263d384e47daa0712d34713ab'
+ - 'IMPHASH=3eaadce9ae43d5a918bb082065815c3b'
+ - 'IMPHASH=980fe6cf0d996ab1eedf877222e722aa'
+ - 'IMPHASH=5f959422308ac3d721010d66647e100e'
+ - 'IMPHASH=a49aaa3d03d1cd9c8dc7fca60f7f480b'
+ - 'IMPHASH=dd335f759b6d5d6a8382b71dd9d65791'
 selection_cli_flags:
 - CommandLine|contains: 'ProxyCommand='
 - CommandLine|contains|all:
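Review bot: The two new alternatives in `selection_cli_img` (`Product` and `Hashes|contains`) rely on fields that Sysmon event 1 populates but a Security 4688 process-creation event does not, and the IMPHASH branch only ever matches when the Sysmon configuration's HashAlgorithms includes IMPHASH; on any other source the selection silently collapses back to the `\ssh.exe` filename check, which is presumably the renamed-binary gap these additions were meant to close. That dependency and the purpose of the hash list are not recorded anywhere in the hunk, so a short comment above the list would help the next maintainer, e.g. `# Import hashes of known ssh.exe builds, to catch renamed copies; requires Sysmon HashAlgorithms to include IMPHASH`. The nine IMPHASH values are also a point-in-time snapshot that will need refreshing as new OpenSSH builds ship, although the `Product` branch should cover builds not yet listed. The `detection` block starts before this hunk and its `condition` lies after it, so I cannot confirm from here how this selection is combined with the others.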