diff --git a/rules/windows/process_creation/win_apt_revil_kaseya.yml b/rules/windows/process_creation/win_apt_revil_kaseya.yml
index 2ab3055a0..b3f6cab3a 100644
--- a/rules/windows/process_creation/win_apt_revil_kaseya.yml
+++ b/rules/windows/process_creation/win_apt_revil_kaseya.yml
@@ -7,8 +7,10 @@ references:
 - https://www.joesandbox.com/analysis/443736/0/html
 - https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
 - https://therecord.media/revil-ransomware-executes-supply-chain-attack-via-malicious-kaseya-update/
+ - https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/
 author: Florian Roth
 date: 2021/07/03
+modified: 2021/07/05
 tags:
 - attack.execution
 - attack.g0115
@@ -23,11 +25,20 @@ detection:
 - 'del /q /f c:\kworking\agent.crt'
 - 'Kaseya VSA Agent Hot-fix'
 - '\AppData\Local\Temp\MsMpEng.exe'
+ - 'rmdir /s /q %SystemDrive%\inetpub\logs'
+ - 'del /s /q /f %SystemDrive%\\*.log'
+ - 'c:\kworking1\agent.exe'
+ - 'c:\kworking1\agent.crt'
 selection2:
 Image:
 - 'C:\Windows\MsMpEng.exe'
 - 'C:\Windows\cert.exe'
 - 'C:\kworking\agent.exe'
+ - 'C:\kworking1\agent.exe'
+ selection3:
+ CommandLine|contains|all:
+ - 'del /s /q /f'
+ - 'WebPages\Errors\webErrorLog.txt'
 condition: selection1 and selection2
 falsepositives:
 - Unknown
diff --git a/rules/windows/registry_event/win_registry_mimikatz_printernightmare.yml b/rules/windows/registry_event/win_registry_mimikatz_printernightmare.yml
index c62015f73..5fd0912b4 100644
--- a/rules/windows/registry_event/win_registry_mimikatz_printernightmare.yml
+++ b/rules/windows/registry_event/win_registry_mimikatz_printernightmare.yml
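Review bot: `selection3` is added in the second hunk of win_apt_revil_kaseya.yml but `condition: selection1 and selection2` is left as it was, so the two new `CommandLine|contains|all` strings for `WebPages\Errors\webErrorLog.txt` never take part in a match and the selection is dead on arrival. Presumably the log-wiping command is meant to fire on its own, in which case the line should read `condition: (selection1 and selection2) or selection3`; if it was instead meant to narrow the existing match, `selection1 and selection2 and selection3`, but one of the two has to be chosen before this ships. The field header of selection1 and the start of `detection` lie before this hunk, so I cannot tell whether the four new selection1 strings join a `CommandLine|contains` list as their wording suggests. One more thing worth a comment on the line: `'del /s /q /f %SystemDrive%\\*.log'` uses `\\*`, which under Sigma's escaping rules I read as a literal backslash followed by a wildcard rather than the literal `\*` of the command itself; fine if a wildcard is intended, but easy to misread.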
@@ -11,14 +11,17 @@ tags:
 - attack.execution
 - cve.2021-1675
 - cve.2021-34527
-date: 2021/06/07
+date: 2021/07/04
+modified: 2021/07/05
 logsource:
 product: windows
 category: registry_event
 detection:
 selection:
- TargetObject|startswith: 'HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\QMS 810\'
+ TargetObject|startswith:
+ -'HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\QMS 810\'
+ - 'HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\mimikatz'
 condition: selection
 falsepositives:
 - Legitimate installation of printer driver QMS 810, Texas Instruments microLaser printer (unlikely)
-level: critical
\ No newline at end of file
+level: critical
\ No newline at end of file
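Review bot: The first new `TargetObject|startswith` entry is written `-'HKLM\...\QMS 810\'` with no space after the dash, so YAML does not treat it as a sequence item: depending on the loader the line is either a syntax error or is read as a plain scalar that swallows the following `- 'HKLM\...\mimikatz'` line as a continuation, and in both cases the rule no longer carries the two intended registry-path prefixes. The line should be `- 'HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\QMS 810\'`, matching the item below it. Separately, `\ No newline at end of file` appears under both the removed and the added `level: critical`, so that last line apparently changes only in invisible characters (a stray carriage return or trailing space is the usual cause) and would be better normalised so the file ends with a single newline. The `date` field also moves forward from 2021/06/07 to 2021/07/04 alongside the new `modified` key; if that is intended it deserves a word in the commit message, since `date` normally records first publication.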