diff --git a/rules/windows/file/file_event/file_event_win_iso_file_mount.yml b/rules/windows/file/file_event/file_event_win_iso_file_mount.yml index 031e74836..19bd73e2e 100644 --- a/rules/windows/file/file_event/file_event_win_iso_file_mount.yml +++ b/rules/windows/file/file_event/file_event_win_iso_file_mount.yml @@ -5,6 +5,7 @@ description: Detects the creation of a ISO file in the Outlook temp folder or in references: - https://twitter.com/Sam0x90/status/1552011547974696960 - https://securityaffairs.co/wordpress/133680/malware/dll-sideloading-spread-qakbot.html + - https://github.com/redcanaryco/atomic-red-team/blob/0f229c0e42bfe7ca736a14023836d65baa941ed2/atomics/T1553.005/T1553.005.md#atomic-test-1---mount-iso-image author: '@sam0x90' date: 2022/07/30 tags:
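Review bot: The reference added as the third entry under `references` points at an Atomic Red Team test titled "Mount ISO image" (T1553.005), but the `description` context line says this rule detects the creation of an ISO file in the Outlook temp folder, so the new link describes a different event than the one the rule is written to match. Please confirm that running that atomic test actually produces a file-creation event this rule fires on. If it does not, the reference fits better on a rule that covers the mount itself. The `tags:` list is cut off in this hunk, so it is worth checking that it carries the T1553.005 technique if the reference stays. The permalink pinned to a commit hash is good, since it will not drift. Minor style point while the file is open: "a ISO file" in the description should read "an ISO file".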