diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml
index d33c74283..61acfd966 100644
--- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml
+++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml
@@ -23,6 +23,12 @@ logsource:
 product: windows
 detection:
 selection:
- CommandLine|contains: ' -version 2 '
+ CommandLine|contains:
+ - ' -version 2 '
+ - ' -versio 2 '
+ - ' -versi 2 '
+ - ' -vers 2 '
+ - ' -ver 2 '
+ - ' -ve 2 '
 Image|endswith: '\powershell.exe'
 condition: selection
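Review bot: The new `CommandLine|contains` list stops at `' -ve 2 '`, so the single-letter form `-v 2`, which PowerShell's prefix matching of parameter names is generally understood to accept, is still not covered; adding `- ' -v 2 '` would complete the list. Every entry also requires a space after the `2`, so a command line that ends with the version argument, or that writes it as `2.0`, would not match. Dropping the trailing space from the patterns (for example `' -version 2'`) would cover both, at the cost of a slightly broader match that should be checked against known-good command lines. The `Image|endswith: '\powershell.exe'` condition is unchanged here and the rest of the rule lies outside this hunk, so whether renamed copies of the binary are handled elsewhere cannot be judged from this hunk.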