diff --git a/rules/windows/file/file_change/file_change_win_unusual_modification_by_dns_exe.yml b/rules/windows/file/file_change/file_change_win_unusual_modification_by_dns_exe.yml index 08eaddcd0..46f01c03d 100644 --- a/rules/windows/file/file_change/file_change_win_unusual_modification_by_dns_exe.yml +++ b/rules/windows/file/file_change/file_change_win_unusual_modification_by_dns_exe.yml @@ -6,7 +6,7 @@ related: status: test description: Detects an unexpected file being modified by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed) references: - - https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns.exe.html + - https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns-exe.html author: Tim Rauch (Nextron Systems), Elastic (idea) date: 2022/09/27 tags: diff --git a/rules/windows/file/file_delete/file_delete_win_unusual_deletion_by_dns_exe.yml b/rules/windows/file/file_delete/file_delete_win_unusual_deletion_by_dns_exe.yml index 1cca90ad5..07911961f 100644 --- a/rules/windows/file/file_delete/file_delete_win_unusual_deletion_by_dns_exe.yml +++ b/rules/windows/file/file_delete/file_delete_win_unusual_deletion_by_dns_exe.yml @@ -6,7 +6,7 @@ related: status: test description: Detects an unexpected file being deleted by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed) references: - - https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns.exe.html + - https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns-exe.html author: Tim Rauch (Nextron Systems), Elastic (idea) date: 2022/09/27 modified: 2023/02/15 diff --git a/rules/windows/process_creation/proc_creation_win_dns_susp_child_process.yml b/rules/windows/process_creation/proc_creation_win_dns_susp_child_process.yml index 4c887aad8..81d7c3cb9 100644 
--- a/rules/windows/process_creation/proc_creation_win_dns_susp_child_process.yml +++ b/rules/windows/process_creation/proc_creation_win_dns_susp_child_process.yml @@ -3,7 +3,7 @@ id: a4e3d776-f12e-42c2-8510-9e6ed1f43ec3 status: test description: Detects an unexpected process spawning from dns.exe which may indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed) references: - - https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns.exe.html + - https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns-exe.html author: Tim Rauch, Elastic (idea) date: 2022/09/27 modified: 2023/02/05 diff --git a/tests/rule-references.txt b/tests/rule-references.txt index 54c07bab7..7030e42c1 100644 --- a/tests/rule-references.txt +++ b/tests/rule-references.txt @@ -2711,7 +2711,7 @@ https://github.com/elastic/detection-rules/pull/1214 https://twitter.com/Hexacorn/status/1420053502554951689 https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1&viewFallbackFrom=powershell-7 https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html -https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns.exe.html +https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns-exe.html https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor https://www.securonix.com/blog/detecting-microsoft-msdt-dogwalk/ https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/Advanced%20IP%20Scanner
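Review bot: In file_change_win_unusual_modification_by_dns_exe.yml the unchanged `description:` line still reads "which my indicate"; since the file is being touched anyway, correct it to "which may indicate", the wording already used in proc_creation_win_dns_susp_child_process.yml. The same typo sits in the description of file_delete_win_unusual_deletion_by_dns_exe.yml. This hunk also shows no `modified:` field between `date: 2022/09/27` and `tags:`, unlike the other two rules; add one if the project expects it for metadata-only changes.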
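Review bot: In file_delete_win_unusual_deletion_by_dns_exe.yml the corrected reference still points at the file-modification page (`unusual-file-modification-by-dns-exe.html`) although the rule detects deletion by dns.exe. Confirm that this page is the intended source for the deletion logic, so the link is not mistaken for a copy-paste leftover from the file_change rule. The `modified: 2023/02/15` line is left as it was; bump it if reference fixes count as a modification in this repository.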
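Review bot: The tests/rule-references.txt hunk at line 2711 replaces only the `unusual-child-process-of-dns.exe.html` entry, while the two file rules in this patch also change `unusual-file-modification-by-dns.exe.html` and no matching line appears here. Check whether the old file-modification URL is listed elsewhere in this file; if it is, update it in the same commit so the reference list stays in step with the rules.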