diff --git a/rules/web/web_cve_2021_44228_log4j.yml b/rules/web/web_cve_2021_44228_log4j.yml
index 5759aa331..711655745 100644
--- a/rules/web/web_cve_2021_44228_log4j.yml
+++ b/rules/web/web_cve_2021_44228_log4j.yml
@@ -36,6 +36,7 @@ detection:
 - '${jndi:iiop'
 - '${${env:BARFOO:-j}'
 - '${::-l}${::-d}${::-a}${::-p}'
+ - '${base64:JHtqbmRp'
 condition: keywords
 falsepositives:
 - Vulnerability scanning
diff --git a/rules/web/web_cve_2021_44228_log4j_fields.yml b/rules/web/web_cve_2021_44228_log4j_fields.yml
index dcad43d5d..92c49b247 100644
--- a/rules/web/web_cve_2021_44228_log4j_fields.yml
+++ b/rules/web/web_cve_2021_44228_log4j_fields.yml
@@ -37,6 +37,7 @@ detection:
 - '${jndi:iiop'
 - '${${env:BARFOO:-j}'
 - '${::-l}${::-d}${::-a}${::-p}'
+ - '${base64:JHtqbmRp'
 user-agent|contains:
 - '${jndi:ldap:/'
 - '${jndi:rmi:/'
@@ -55,6 +56,7 @@ detection:
 - '${jndi:iiop'
 - '${${env:BARFOO:-j}'
 - '${::-l}${::-d}${::-a}${::-p}'
+ - '${base64:JHtqbmRp'
 cs-uri|contains:
 - '${jndi:ldap:/'
 - '${jndi:rmi:/'
@@ -73,6 +75,7 @@ detection:
 - '${jndi:iiop'
 - '${${env:BARFOO:-j}'
 - '${::-l}${::-d}${::-a}${::-p}'
+ - '${base64:JHtqbmRp'
 cs-referrer|contains:
 - '${jndi:ldap:/'
 - '${jndi:rmi:/'
@@ -91,6 +94,7 @@ detection:
 - '${jndi:iiop'
 - '${${env:BARFOO:-j}'
 - '${::-l}${::-d}${::-a}${::-p}'
+ - '${base64:JHtqbmRp'
 condition: selection
 falsepositives:
 - Vulnerability scanning
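Review bot: The new keyword `'${base64:JHtqbmRp'`, added identically in every hunk of both files, is opaque to a reader, and nothing records that `JHtqbmRp` is the base64 encoding of `${jndi`; an inline comment on the added line, `- '${base64:JHtqbmRp'  # base64 of '${jndi' when it starts the encoded text`, would make the intent reviewable and keep the five copies in sync. Because base64 output depends on byte alignment, this literal only matches when `${jndi` is the first thing encoded; the same string preceded by one or two other bytes yields a different encoding and is not matched, so the coverage of the base64 lookup is partial and should either be documented as such in the rule's description or extended to the remaining alignments. The first hunk of web_cve_2021_44228_log4j_fields.yml begins inside a field list whose `|contains` key sits above the hunk, so the field it patches is not visible here. If these rules carry a `modified:` field, no hunk updates it even though the detection logic changed, which the Sigma convention expects.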