diff --git a/rules/windows/file_event/win_hivenightmare_file_exports.yml b/rules/windows/file_event/win_hivenightmare_file_exports.yml
index 869295a32..46461579e 100644
--- a/rules/windows/file_event/win_hivenightmare_file_exports.yml
+++ b/rules/windows/file_event/win_hivenightmare_file_exports.yml
@@ -7,6 +7,7 @@ date: 2020/07/23
 references:
 - https://github.com/GossiTheDog/HiveNightmare
 - https://github.com/FireFart/hivenightmare/
+ - https://github.com/WiredPulse/Invoke-HiveNightmare
 logsource:
 product: windows
 category: file_event
@@ -20,6 +21,7 @@ detection:
 - '\hive_sam_' # Go version
 - '\SAM-2021-' # C++ version
 - '\SAM-2022-' # C++ version
+ - '\SAM-haxx' # Early C++ versions
 - '\Sam.save' # PowerShell version
 condition: selection
 fields:
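Review bot: The second hunk changes detection logic by adding the `'\SAM-haxx'` filename pattern, but nothing in the diff shows the rule's `modified:` field being set, which Sigma convention requires whenever the detection block changes; please set `modified:` to the commit date so downstream consumers re-import the rule. The inline comment `# Early C++ versions` is the only place this pattern is justified, and none of the three references visibly documents that output name, so a short `# default output name of early GossiTheDog C++ builds` style comment or a matching reference would make the indicator auditable. Separately, the `date: 2020/07/23` shown in the first hunk header predates the 2021 disclosure that the `\SAM-2021-` pattern reflects, so it is likely a typo for 2021 — worth confirming against the rule's history. All of these patterns key on the public tools' default output filenames, so a renamed binary or custom output path evades the rule; that limitation belongs in the rule's `falsepositives`/description, which lie outside this hunk.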