diff --git a/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml b/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml
index c975f68f7..6b172fb38 100644
--- a/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml
+++ b/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml
@@ -3,7 +3,7 @@ id: eca91c7c-9214-47b9-b4c5-cb1d7e4f2350
 status: experimental
 description: Detects suspicious outbound network activity via kerberos default port indicating possible lateral movement or first stage PrivEsc via delegation.
 references:
- - https://github.com/GhostPack/Rubeus8
+ - https://github.com/GhostPack/Rubeus
 author: Ilyas Ochkov, oscd.community
 date: 2019/10/24
 modified: 2019/11/13