diff --git a/rules/windows/pipe_created/sysmon_mal_namedpipes.yml b/rules/windows/pipe_created/sysmon_mal_namedpipes.yml
index e425bf51b..f8fbc0779 100644
--- a/rules/windows/pipe_created/sysmon_mal_namedpipes.yml
+++ b/rules/windows/pipe_created/sysmon_mal_namedpipes.yml
@@ -34,6 +34,7 @@ detection:
 - '\Posh*' #PoshC2 default
 - '\jaccdpqnvbrrxlaf' #PoshC2 default
 - '\csexecsvc' #CSEXEC default
+ - '\6e7645c4-32c5-4fe3-aabf-e94c2f4370e7' # LiquidSnake https://github.com/RiccardoAncarani/LiquidSnake
 condition: selection
 tags:
 - attack.defense_evasion
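Review bot: The comment on the added `\6e7645c4-32c5-4fe3-aabf-e94c2f4370e7` entry carries the project URL inline and, unlike the `#PoshC2 default` and `#CSEXEC default` entries above it, does not say whether this GUID is the tool's built-in pipe name. If it is the default, I would write `- '\6e7645c4-32c5-4fe3-aabf-e94c2f4370e7' # LiquidSnake default` and put the URL in the rule's `references` list, which is outside this hunk, so the source sits with the rule metadata rather than in a comment that parsers drop. A fixed-string match like this only catches the unmodified value, so the entry should be read as coverage for stock builds rather than for the technique itself. The only tag visible here is `attack.defense_evasion`; the rest of the tag list is cut off by the hunk, so it is worth confirming the tags still describe the rule with this tool added.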