From 1adac5b0361740b2f40ba8e95b9de93aa38425d3 Mon Sep 17 00:00:00 2001
From: G Y <35021368+leegengyu@users.noreply.github.com>
Date: Wed, 7 Jul 2021 20:21:41 +0800
Subject: [PATCH] Update win_apt_apt29_thinktanks.yml - Links

Reference links updated with grammar corrections.
---
 rules/windows/process_creation/win_apt_apt29_thinktanks.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/win_apt_apt29_thinktanks.yml b/rules/windows/process_creation/win_apt_apt29_thinktanks.yml
index 69a911e44..770ad56b1 100644
--- a/rules/windows/process_creation/win_apt_apt29_thinktanks.yml
+++ b/rules/windows/process_creation/win_apt_apt29_thinktanks.yml
@@ -1,8 +1,9 @@
 title: APT29
 id: 033fe7d6-66d1-4240-ac6b-28908009c71f
-description: This method detects a suspicious powershell command line combination as used by APT29 in a campaign against US think tanks
+description: This method detects a suspicious PowerShell command line combination as used by APT29 in a campaign against U.S. think tanks.
 references:
-    - https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
+    - https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
+    - https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html
 tags:
     - attack.execution
     - attack.g0016