diff --git a/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml b/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml
index 7fb8a360f0a..b4032e6f38a 100644
--- a/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml
+++ b/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml
@@ -10,6 +10,7 @@ description: |
 references:
 - https://www.forensafe.com/blogs/runmrukey.html
 - https://medium.com/@shaherzakaria8/downloading-trojan-lumma-infostealer-through-capatcha-1f25255a0e71
+ - https://redcanary.com/blog/threat-intelligence/intelligence-insights-october-2024/
 author: Ahmed Farouk, Nasreddine Bencherchali
 date: 2024-11-01
 tags:
diff --git a/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml b/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml
index 6a6613ec96a..1d92c06231c 100644
--- a/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml
+++ b/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml
@@ -11,6 +11,7 @@ references:
 - https://medium.com/@ahmed.moh.farou2/fake-captcha-campaign-on-arabic-pirated-movie-sites-delivers-lumma-stealer-4f203f7adabf
 - https://medium.com/@shaherzakaria8/downloading-trojan-lumma-infostealer-through-capatcha-1f25255a0e71
 - https://www.forensafe.com/blogs/runmrukey.html
+ - https://redcanary.com/blog/threat-intelligence/intelligence-insights-october-2024/
 author: Ahmed Farouk, Nasreddine Bencherchali
 date: 2024-11-01
 tags: