diff --git a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml
index ad50510af..b42525448 100755
--- a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml
+++ b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml
@@ -6,7 +6,7 @@ references:
     - https://twitter.com/SBousseaden/status/1096148422984384514
 author: Samir Bousseaden
 date: 2019/02/16
-modified: 2020/08/24
+modified: 2021/05/11
 tags:
     - attack.command_and_control
     - attack.t1572
@@ -25,7 +25,7 @@ detection:
     selection2:
         - DestinationIp|startswith:
             - '127.'
-        - DestinationIP:
+        - DestinationIp:
             - '::1'
     condition: selection and selection2
 falsepositives:
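Review bot: The `::1` entry in selection2 previously keyed on `DestinationIP`, a differently-cased name that backends treat as a separate, non-existent field, so the IPv6 loopback branch was effectively dead and only the `127.` prefix was being enforced; the corrected `DestinationIp` key makes it live, and that behavioural change deserves a sentence in the commit description so teams running converted copies of the old rule know their coverage was narrower than the rule text implied. With both entries now on the same field, the IPv4 side is a prefix match while the IPv6 side is exact; if your Sysmon or forwarder ever records IPv4-mapped loopback as `::ffff:127.x`, consider adding `'::ffff:127.'` to the `|startswith` list, but confirm against real log samples before widening. The `detection:` mapping and its first `selection` block start outside this hunk.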