diff --git a/rules/windows/process_creation/proc_creation_win_renamed_plink.yml b/rules/windows/process_creation/proc_creation_win_renamed_plink.yml
index 5a07a8d0d..e778a686d 100644
--- a/rules/windows/process_creation/proc_creation_win_renamed_plink.yml
+++ b/rules/windows/process_creation/proc_creation_win_renamed_plink.yml
@@ -5,6 +5,7 @@ description: Execution of a renamed version of the Plink binary
 author: Nasreddine Bencherchali
 references:
     - https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/
+    - https://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter7.html
 date: 2022/06/06
 logsource:
     category: process_creation