diff --git a/rules/windows/powershell/powershell_malicious_commandlets.yml b/rules/windows/powershell/powershell_malicious_commandlets.yml
index 672b5daef..d78ba91af 100644
--- a/rules/windows/powershell/powershell_malicious_commandlets.yml
+++ b/rules/windows/powershell/powershell_malicious_commandlets.yml
@@ -114,6 +114,7 @@ detection:
 - Invoke-PortScan
 - Invoke-ReverseDNSLookup
 - Invoke-SMBScanner
+ - Invoke-Mimikittenz
 condition: keywords
 falsepositives:
 - Penetration testing
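Review bot: The new `Invoke-Mimikittenz` entry is appended after `Invoke-SMBScanner`, which looks out of order in what appears to be an alphabetically sorted run of names; only three neighbours are visible, so this is inferred, but keeping the list sorted makes duplicates and gaps easier to spot. The `detection` block starts outside the hunk and the visible diff does not touch the rule header, so if the rule carries `references` or `modified` fields they should be updated to record where this commandlet comes from. Since `condition: keywords` matches the bare string wherever it appears in the logged event, hits are also likely from security tooling or repositories that merely contain the script text; consider adding that to `falsepositives` alongside `Penetration testing`.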