diff --git a/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml b/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml
index 2e411584e..20d391e30 100644
--- a/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml
+++ b/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml
@@ -7,6 +7,7 @@ references:
     - https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf
     - https://app.any.run/tasks/c6993447-d1d8-414e-b856-675325e5aa09/
     - https://twitter.com/gN3mes1s/status/1206874118282448897
+    - https://github.com/redcanaryco/atomic-red-team/blob/b27a3cb25025161d49ac861cb216db68c46a3537/atomics/T1027.004/T1027.004.md#atomic-test-1---compile-after-delivery-using-cscexe
 author: Florian Roth (Nextron Systems)
 date: 2019/08/24
 modified: 2023/08/02