diff --git a/rules/windows/process_creation/proc_creation_win_office_shell.yml b/rules/windows/process_creation/proc_creation_win_office_shell.yml
index 342af706d..86bc87906 100644
--- a/rules/windows/process_creation/proc_creation_win_office_shell.yml
+++ b/rules/windows/process_creation/proc_creation_win_office_shell.yml
@@ -7,7 +7,7 @@ references:
     - https://www.hybrid-analysis.com/sample/465aabe132ccb949e75b8ab9c5bda36d80cf2fd503d52b8bad54e295f28bbc21?environmentId=100
     - https://mgreen27.github.io/posts/2018/04/02/DownloadCradle.html
 date: 2018/04/06
-modified: 2022/02/22
+modified: 2022/02/23
 logsource:
     category: process_creation
     product: windows
@@ -47,6 +47,12 @@ detection:
         ParentImage|endswith: '\OUTLOOK.EXE'
         Image|endswith: '\rundll32.exe'
         CommandLine|contains: '\PhotoViewer.dll'
+    filter_outlook_printattachments: # https://twitter.com/KickaKamil/status/1496238278659485696
+        ParentImage|endswith: '\OUTLOOK.EXE'
+        Image|endswith: '\rundll32.exe'
+        CommandLine|contains|all:
+            - 'shell32.dll,Control_RunDLL'
+            - '\SYSTEM32\SPOOL\DRIVERS\'
     condition: selection and not 1 of filter*
 fields:
     - CommandLine
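Review bot: The new `filter_outlook_printattachments` exclusion is built from two independent `CommandLine|contains|all` substrings, so any Outlook-spawned rundll32 whose command line happens to contain both `shell32.dll,Control_RunDLL` and `\SYSTEM32\SPOOL\DRIVERS\` anywhere, in any order, is dropped from the alert, which is broader than the single benign print-attachment invocation the filter name suggests. Because `condition: selection and not 1 of filter*` lets any one filter suppress the whole rule, exclusions should be as narrow as the observed benign command line allows; here that means capturing the real argument shape once and anchoring on the ordered string, e.g. `CommandLine|contains: 'shell32.dll,Control_RunDLL "<placeholder: observed driver path under \SYSTEM32\SPOOL\DRIVERS\>'`, rather than two detached fragments. The inline tweet URL is the only rationale recorded; a one-line comment on the filter stating what benign activity it covers, e.g. `# Outlook printing an attachment loads the printer driver via Control_RunDLL`, would let reviewers judge the exclusion without following an external link, and the URL itself belongs in `references:` per the rule's existing style. The `detection:` mapping starts before this hunk, so the `selection` that this filter narrows is not visible here.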