diff --git a/rules-threat-hunting/windows/process_creation/proc_creation_win_7zip_password_extraction.yml b/rules-threat-hunting/windows/process_creation/proc_creation_win_7zip_password_extraction.yml index 4d594d4bcc6..4e93c4cd0b4 100644 --- a/rules-threat-hunting/windows/process_creation/proc_creation_win_7zip_password_extraction.yml +++ b/rules-threat-hunting/windows/process_creation/proc_creation_win_7zip_password_extraction.yml @@ -6,7 +6,7 @@ references: - https://blog.cyble.com/2022/06/07/bumblebee-loader-on-the-rise/ author: Nasreddine Bencherchali (Nextron Systems) date: 2023-03-10 -modified: 2024-07-16 +modified: 2026-06-05 tags: - attack.collection - attack.t1560.001 @@ -19,11 +19,12 @@ detection: - Description|contains: '7-Zip' - Image|endswith: - '\7z.exe' - - '\7zr.exe' - '\7za.exe' + - '\7zr.exe' - OriginalFileName: - '7z.exe' - '7za.exe' + - '7zr.exe' selection_password: CommandLine|contains|all: - ' -p' diff --git a/rules/windows/process_creation/proc_creation_win_7zip_exfil_dmp_files.yml b/rules/windows/process_creation/proc_creation_win_7zip_exfil_dmp_files.yml index 1bf1f46831d..64fa81d8806 100644 --- a/rules/windows/process_creation/proc_creation_win_7zip_exfil_dmp_files.yml +++ b/rules/windows/process_creation/proc_creation_win_7zip_exfil_dmp_files.yml @@ -9,7 +9,7 @@ references: - https://thedfirreport.com/2022/09/26/bumblebee-round-two/ author: Nasreddine Bencherchali (Nextron Systems) date: 2022-09-27 -modified: 2023-09-12 +modified: 2026-06-05 tags: - attack.collection - attack.t1560.001 @@ -26,6 +26,7 @@ detection: - OriginalFileName: - '7z.exe' - '7za.exe' + - '7zr.exe' selection_extension: CommandLine|contains: - '.dmp' diff --git a/rules/windows/process_creation/proc_creation_win_7zip_password_compression.yml b/rules/windows/process_creation/proc_creation_win_7zip_password_compression.yml index 79788510840..08f75d9922d 100644 --- a/rules/windows/process_creation/proc_creation_win_7zip_password_compression.yml 
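Review bot: The new `- '7zr.exe'` entry under `OriginalFileName` in the `@@ -19,11 +19,12 @@` hunk only fires if the PE version resource of 7zr.exe actually reports that OriginalFilename, and nothing in the hunk shows that it does; please confirm against the binary's version info before relying on it (7z.exe and 7za.exe are known to report their own names, 7zr.exe I have not verified). The accompanying `Image|endswith` change merely moves `- '\7zr.exe'` from above `- '\7za.exe'` to below it; that is pure reordering that adds diff noise for no detection gain, so consider leaving the existing list order alone. Because the three entries are a list of maps (an OR in Sigma), the net effect of this hunk is that a renamed 7zr.exe is now matched via OriginalFileName where before only the `Description|contains: '7-Zip'` branch could catch it. The enclosing `detection` block continues outside the hunk.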
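Review bot: In the `@@ -26,6 +26,7 @@` hunk of proc_creation_win_7zip_exfil_dmp_files.yml, `'7zr.exe'` is added to `OriginalFileName` but the sibling `Image|endswith` list of the same selection lies outside the hunk, so I cannot tell whether it already carries `'\7zr.exe'`; if it does not, an unrenamed 7zr.exe is matched only by telemetry that populates OriginalFileName (Sysmon-style process events) and is missed on sources that only carry the image path. Please check and, if the entry is absent, add `- '\7zr.exe'` next to `- '\7za.exe'` in the image list. The same question applies to the `@@ -23,6 +23,7 @@` hunk of proc_creation_win_7zip_password_compression.yml, which makes the identical OriginalFileName-only addition. The enclosing selection starts outside the hunk in both files.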
+++ b/rules/windows/process_creation/proc_creation_win_7zip_password_compression.yml @@ -6,7 +6,7 @@ references: - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1560.001/T1560.001.md author: frack113 date: 2021-07-27 -modified: 2023-03-13 +modified: 2026-06-05 tags: - attack.collection - attack.t1560.001 @@ -23,6 +23,7 @@ detection: - OriginalFileName: - '7z.exe' - '7za.exe' + - '7zr.exe' selection_password: CommandLine|contains: ' -p' selection_action: diff --git a/rules/windows/process_creation/proc_creation_win_renamed_binary.yml b/rules/windows/process_creation/proc_creation_win_renamed_binary.yml index bbb4f344467..647a478b393 100644 --- a/rules/windows/process_creation/proc_creation_win_renamed_binary.yml +++ b/rules/windows/process_creation/proc_creation_win_renamed_binary.yml @@ -12,7 +12,7 @@ references: - https://www.splunk.com/en_us/blog/security/inno-setup-malware-redline-stealer-campaign.html author: Matthew Green @mgreen27, Ecco, James Pemberton @4A616D6573, oscd.community, Andreas Hunkeler (@Karneades) date: 2019-06-15 -modified: 2025-07-15 +modified: 2026-06-05 tags: - attack.stealth - attack.t1036.003 @@ -26,6 +26,7 @@ detection: - 'CONHOST.EXE' - '7z.exe' - '7za.exe' + - '7zr.exe' - 'WinRAR.exe' - 'wevtutil.exe' - 'net.exe' @@ -38,6 +39,7 @@ detection: - '\conhost.exe' - '\7z.exe' - '\7za.exe' + - '\7zr.exe' - '\WinRAR.exe' - '\wevtutil.exe' - '\net.exe'
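Review bot: In proc_creation_win_renamed_binary.yml, `'7zr.exe'` is added to the `OriginalFileName` list (`@@ -26,6 +26,7 @@`) and `'\7zr.exe'` to the `Image|endswith` list (`@@ -38,6 +39,7 @@`), which keeps the two lists in step, but if the first list is the rule's selection and the second its filter (the `condition` is outside these hunks) then any listed image name suppresses any listed OriginalFileName, so a 7-Zip binary running under one of the other 7-Zip names is not reported; that is an existing limitation these entries widen slightly and is worth a sentence in the rule's `description` or `falsepositives`. As in the other files, please confirm that the version resource of 7zr.exe reports `OriginalFilename` 7zr.exe, since otherwise the selection entry never fires and the filter entry is dead. The enclosing `detection` block starts and ends outside these hunks.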