diff --git a/rules/windows/process_creation/proc_creation_win_susp_win_server_undocumented_rce.yml b/rules/windows/process_creation/proc_creation_win_susp_win_server_undocumented_rce.yml
index dab7a9382..226abe7f8 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_win_server_undocumented_rce.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_win_server_undocumented_rce.yml
@@ -4,6 +4,7 @@ status: experimental
 description: Detects potential exploitation attempt of undocumented Windows Server Pre Auth Remote Code Execution (RCE)
 references:
 - https://twitter.com/YanZiShuang/status/1616777483646533632?s=20&t=TQT9tUuPbQJai4v6HtsOQw
+ - https://twitter.com/hackerfantastic/status/1616455335203438592?s=20
 author: Florian Roth, Nasreddine Bencherchali
 date: 2023/01/21
 logsource:
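Review bot: The added reference on the `+` line carries the share parameter `?s=20`, and the existing entry above it carries `?s=20&t=…`; these are tracking parameters rather than part of the tweet's address, so the new entry would read more cleanly as `- https://twitter.com/hackerfantastic/status/1616455335203438592`. Both references for this rule are tweets, which can be deleted or made private. Since the description calls the issue undocumented, an archived copy of each tweet, or a one-sentence summary of the observed behaviour in `description`, would keep the rule's rationale available to an analyst triaging an alert. The detection logic itself lies outside this hunk, so nothing here can be said about its coverage.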