From ca5064cf003f433c29ef65bb6397da717dcf11e4 Mon Sep 17 00:00:00 2001
From: Zeta <38060942+0xzeta@users.noreply.github.com>
Date: Fri, 3 Feb 2023 21:30:14 +0700
Subject: [PATCH] update permalink

---
 .../proc_creation_win_susp_rundll32_script_run.yml              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml b/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml
index c293db94f..c438dbfc8 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_rundll32_script_run.yml
@@ -4,7 +4,7 @@ status: experimental
 description: Detects suspicious process related to rundll32 based on arguments
 references:
     - https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52
-    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md#atomic-test-3---rundll32-execute-vbscript-command-using-ordinal-number
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md
 author: frack113, Zaw Min Htun (ZETA)
 date: 2021/12/04
 modified: 2023/02/03