diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml
index d7ce7fa34..c40f28d76 100644
--- a/rules/windows/malware/win_mal_blue_mockingbird.yml
+++ b/rules/windows/malware/win_mal_blue_mockingbird.yml
@@ -14,7 +14,8 @@ date: 2020/05/14
 falsepositives:
 - unknown
 level: high
-condition: 1 of them
+detection:
+ condition: 1 of them
 ---
 logsource:
 category: process_creation
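Review bot: The relocated `condition: 1 of them` now sits under `detection:` in the shared part of the file, ahead of the `---` separator, so it is presumably inherited by every per-logsource document that follows, yet nothing in the file says so. A one-line comment above `detection:`, for example `# shared condition: any single selection in the documents below fires this rule`, would make that dependency visible to the next editor. Because `1 of them` is an OR over all selections and the rule is `level: high` with `falsepositives: unknown`, each selection in the later documents has to be specific enough to alert on its own. Those selections lie outside this hunk, so that should be confirmed where they are defined.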