From c7b5eb65b0c7fcb58cdc7e9fd5a4decd3297d17e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 7 Jun 2022 10:43:23 +0200 Subject: [PATCH] Update proc_creation_win_renamed_plink.yml --- .../windows/process_creation/proc_creation_win_renamed_plink.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/process_creation/proc_creation_win_renamed_plink.yml b/rules/windows/process_creation/proc_creation_win_renamed_plink.yml index 5a07a8d0d..e778a686d 100644 --- a/rules/windows/process_creation/proc_creation_win_renamed_plink.yml +++ b/rules/windows/process_creation/proc_creation_win_renamed_plink.yml @@ -5,6 +5,7 @@ description: Execution of a renamed version of the Plink binary author: Nasreddine Bencherchali references: - https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/ + - https://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter7.html date: 2022/06/06 logsource: category: process_creation
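Review bot: The new `references:` entry points at the PuTTY 0.58 copy of the documentation (`/putty/0.58/htmldoc/Chapter7.html`), and nothing in the visible lines says why that release is the relevant one. A version-pinned link is stable, but readers of the rule cannot tell whether it is meant to document the Plink command-line options the detection matches on or only to give general background. Consider a short comment or a `description` addition stating which part of the chapter the rule relies on. Separately, the context shows `date: 2022/06/06` followed directly by `logsource:`, while the commit is dated 7 Jun 2022. If the repository tracks metadata edits, add a `modified:` line after `date:` in the same change.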