diff --git a/rules/windows/process_creation/proc_creation_win_susp_manageengine_pattern.yml b/rules/windows/process_creation/proc_creation_win_susp_manageengine_pattern.yml
index 4343e53e6..c757af7d0 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_manageengine_pattern.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_manageengine_pattern.yml
@@ -4,7 +4,7 @@ status: experimental
 description: Detects suspicious sub processes started by the Manage Engine ServiceDesk Plus Java web service process
 references:
 - https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
- - https://github.com/horizon3ai/CVE-2022-47966/blob/main/CVE-2022-47966.py
+ - https://github.com/horizon3ai/CVE-2022-47966/blob/3a51c6b72ebbd87392babd955a8fbeaee2090b35/CVE-2022-47966.py
 - https://blog.viettelcybersecurity.com/saml-show-stopper/
 author: Florian Roth
 date: 2023/01/18