diff --git a/rules/windows/process_creation/win_malware_conti.yml b/rules/windows/process_creation/win_malware_conti.yml
index 45a57e0af..c529a3bac 100644
--- a/rules/windows/process_creation/win_malware_conti.yml
+++ b/rules/windows/process_creation/win_malware_conti.yml
@@ -6,6 +6,7 @@ date: 2021/08/09
 status: experimental
 references:
 - https://twitter.com/vxunderground/status/1423336151860002816?s=20
+ - https://www.virustotal.com/gui/file/03e9b8c2e86d6db450e5eceec057d7e369ee2389b9daecaf06331a95410aa5f8/detection
 logsource:
 category: process_creation
 product: windows
diff --git a/rules/windows/process_creation/win_malware_conti_7zip.yml b/rules/windows/process_creation/win_malware_conti_7zip.yml
index 7f5cbeb07..15198fae6 100644
--- a/rules/windows/process_creation/win_malware_conti_7zip.yml
+++ b/rules/windows/process_creation/win_malware_conti_7zip.yml
@@ -6,6 +6,7 @@ date: 2021/08/09
 status: experimental
 references:
 - https://twitter.com/vxunderground/status/1423336151860002816?s=20
+ - https://www.virustotal.com/gui/file/03e9b8c2e86d6db450e5eceec057d7e369ee2389b9daecaf06331a95410aa5f8/detection
 logsource:
 category: process_creation
 product: windows
diff --git a/rules/windows/process_creation/win_malware_conti_shadowcopy.yml b/rules/windows/process_creation/win_malware_conti_shadowcopy.yml
index 73c8c6a95..3292bcba0 100644
--- a/rules/windows/process_creation/win_malware_conti_shadowcopy.yml
+++ b/rules/windows/process_creation/win_malware_conti_shadowcopy.yml
@@ -6,6 +6,7 @@ date: 2021/08/09
 status: experimental
 references:
 - https://twitter.com/vxunderground/status/1423336151860002816?s=20
+ - https://www.virustotal.com/gui/file/03e9b8c2e86d6db450e5eceec057d7e369ee2389b9daecaf06331a95410aa5f8/detection
 logsource:
 category: process_creation
 product: windows
diff --git a/rules/windows/process_creation/win_susp_cmd_shadowcopy_access.yml b/rules/windows/process_creation/win_susp_cmd_shadowcopy_access.yml
index 5c5f1de5d..319eef8eb 100644
--- a/rules/windows/process_creation/win_susp_cmd_shadowcopy_access.yml
+++ b/rules/windows/process_creation/win_susp_cmd_shadowcopy_access.yml
@@ -6,6 +6,7 @@ date: 2021/08/09
 status: experimental
 references:
 - https://twitter.com/vxunderground/status/1423336151860002816?s=20
+ - https://www.virustotal.com/gui/file/03e9b8c2e86d6db450e5eceec057d7e369ee2389b9daecaf06331a95410aa5f8/detection
 logsource:
 category: process_creation
 product: windows