diff --git a/rules/windows/malware/av_password_dumper.yml b/rules/windows/malware/av_password_dumper.yml
index 9db6fec0a..74c82aba0 100644
--- a/rules/windows/malware/av_password_dumper.yml
+++ b/rules/windows/malware/av_password_dumper.yml
@@ -20,7 +20,7 @@ detection:
             - "DumpCreds"
             - "Mimikatz"
             - "PWCrack"
-            - "Tool/WCE"
+            - "HTool/WCE"
             - "PSWtool"
             - "PWDump"
             - "SecurityTool"