diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
index 1d74bac61..1fd99500e 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -42,6 +42,7 @@ class T1086(AttackTechnique):
                 "telem_category": "post_breach",
                 "$or": [
                     {"data.command": {"$regex": r"\.ps1"}},
+                    {"data.command": {"$regex": "powershell"}},
                     {"data.result": {"$regex": r"\.ps1"}},
                 ],
             },