diff --git a/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml b/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml index 331b1d12e..0ce4802c0 100644 --- a/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml +++ b/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml @@ -1,9 +1,9 @@ title: Powershell Detect Virtualization Environment id: d93129cd-1ee0-479f-bc03-ca6f129882e3 status: experimental -author: frack113 +author: frack113, Duc.Le-GTSC date: 2021/08/03 -modified: 2021/12/02 +modified: 2022/03/03 description: Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md @@ -17,7 +17,9 @@ logsource: definition: EnableScriptBlockLogging must be set to enable detection: selection_action: - ScriptBlockText|contains: Get-WmiObject + ScriptBlockText|contains: + - Get-WmiObject + - gwmi selection_module: ScriptBlockText|contains: - MSAcpi_ThermalZoneTemperature
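Review bot: the new `gwmi` entry in selection_action is a bare substring match on ScriptBlockText, so it will fire on any script block that merely contains those four characters (variable or function names included), not only on the Get-WmiObject alias; that is acceptable only because selection_module still requires the VM-related WMI class names such as MSAcpi_ThermalZoneTemperature in the same script block. Please confirm the rule's condition ANDs selection_action with selection_module rather than ORing them, and if it does not, tighten the alias to a form with delimiting whitespace before merging. The author and modified fields in the first hunk are updated consistently with this change.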