From 291ca18d22f720f2ebcd30cf468f4434cecccdaa Mon Sep 17 00:00:00 2001
From: securepeacock <92804416+securepeacock@users.noreply.github.com>
Date: Wed, 23 Aug 2023 12:59:03 -0400
Subject: [PATCH] Merge pull request #4389 from @securepeacock

chore: Dynamic .NET Compilation Via Csc.EXE - add new reference
---
 .../proc_creation_win_csc_susp_dynamic_compilation.yml           | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml b/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml
index 2e411584e..20d391e30 100644
--- a/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml
+++ b/rules/windows/process_creation/proc_creation_win_csc_susp_dynamic_compilation.yml
@@ -7,6 +7,7 @@ references:
     - https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf
     - https://app.any.run/tasks/c6993447-d1d8-414e-b856-675325e5aa09/
     - https://twitter.com/gN3mes1s/status/1206874118282448897
+    - https://github.com/redcanaryco/atomic-red-team/blob/b27a3cb25025161d49ac861cb216db68c46a3537/atomics/T1027.004/T1027.004.md#atomic-test-1---compile-after-delivery-using-cscexe
 author: Florian Roth (Nextron Systems)
 date: 2019/08/24
 modified: 2023/08/02