diff --git a/rules-emerging-threats/2017/TA/Turla/win_system_apt_turla_service_png.yml b/rules-emerging-threats/2017/TA/Turla/win_system_apt_turla_service_png.yml index 1562c787175..bc83f7e4525 100644 --- a/rules-emerging-threats/2017/TA/Turla/win_system_apt_turla_service_png.yml +++ b/rules-emerging-threats/2017/TA/Turla/win_system_apt_turla_service_png.yml @@ -3,7 +3,7 @@ id: 1228f8e2-7e79-4dea-b0ad-c91f1d5016c1 status: test description: This method detects malicious services mentioned in Turla PNG dropper report by NCC Group in November 2018 references: - - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/ + - https://research.nccgroup.com/2018/11/22/turla-png-dropper-is-back/ author: Florian Roth (Nextron Systems) date: 2018/11/23 modified: 2021/11/30 diff --git a/rules-emerging-threats/2019/Exploits/CVE-2019-1378/proc_creation_win_exploit_cve_2019_1378.yml b/rules-emerging-threats/2019/Exploits/CVE-2019-1378/proc_creation_win_exploit_cve_2019_1378.yml index 542561dc515..6ecabce62f8 100644 --- a/rules-emerging-threats/2019/Exploits/CVE-2019-1378/proc_creation_win_exploit_cve_2019_1378.yml +++ b/rules-emerging-threats/2019/Exploits/CVE-2019-1378/proc_creation_win_exploit_cve_2019_1378.yml @@ -3,7 +3,7 @@ id: 1c373b6d-76ce-4553-997d-8c1da9a6b5f5 status: test description: Detects exploitation attempt of privilege escalation vulnerability via SetupComplete.cmd and PartnerSetupComplete.cmd described in CVE-2019-1378 references: - - https://www.embercybersecurity.com/blog/cve-2019-1378-exploiting-an-access-control-privilege-escalation-vulnerability-in-windows-10-update-assistant-wua + - https://web.archive.org/web/20200530031708/https://www.embercybersecurity.com/blog/cve-2019-1378-exploiting-an-access-control-privilege-escalation-vulnerability-in-windows-10-update-assistant-wua author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro date: 2019/11/15 modified: 2021/11/27 
diff --git a/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j.yml b/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j.yml index 85c971186ec..28a988627e8 100644 --- a/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j.yml +++ b/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j.yml @@ -3,7 +3,7 @@ id: 5ea8faa8-db8b-45be-89b0-151b84c82702 status: test description: Detects exploitation attempt against log4j RCE vulnerability reported as CVE-2021-44228 (Log4Shell) references: - - https://www.lunasec.io/docs/blog/log4j-zero-day/ + - https://web.archive.org/web/20231230220738/https://www.lunasec.io/docs/blog/log4j-zero-day/ - https://news.ycombinator.com/item?id=29504755 - https://github.com/tangxiaofeng7/apache-log4j-poc - https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b diff --git a/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j_fields.yml b/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j_fields.yml index 4a2ef9565d7..8707f74931c 100644 --- a/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j_fields.yml +++ b/rules-emerging-threats/2021/Exploits/CVE-2021-44228/web_cve_2021_44228_log4j_fields.yml @@ -3,7 +3,7 @@ id: 9be472ed-893c-4ec0-94da-312d2765f654 status: test description: Detects exploitation attempt against log4j RCE vulnerability reported as CVE-2021-44228 in different header fields found in web server logs (Log4Shell) references: - - https://www.lunasec.io/docs/blog/log4j-zero-day/ + - https://web.archive.org/web/20231230220738/https://www.lunasec.io/docs/blog/log4j-zero-day/ - https://news.ycombinator.com/item?id=29504755 - https://github.com/tangxiaofeng7/apache-log4j-poc - https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b 
diff --git a/rules-threat-hunting/web/proxy_generic/proxy_susp_class_extension_request.yml b/rules-threat-hunting/web/proxy_generic/proxy_susp_class_extension_request.yml index c94fe2c053b..9b912cc0280 100644 --- a/rules-threat-hunting/web/proxy_generic/proxy_susp_class_extension_request.yml +++ b/rules-threat-hunting/web/proxy_generic/proxy_susp_class_extension_request.yml @@ -5,7 +5,7 @@ description: | Detects requests to URI ending with the ".class" extension in proxy logs. This could rules can be used to hunt for potential downloads of Java classes as seen for example in Log4shell exploitation attacks against Log4j. references: - - https://www.lunasec.io/docs/blog/log4j-zero-day/ + - https://web.archive.org/web/20231230220738/https://www.lunasec.io/docs/blog/log4j-zero-day/ author: Andreas Hunkeler (@Karneades) date: 2021/12/21 modified: 2024/02/26 diff --git a/rules-threat-hunting/windows/process_creation/proc_creation_win_rundll32_by_ordinal.yml b/rules-threat-hunting/windows/process_creation/proc_creation_win_rundll32_by_ordinal.yml index ed303b33ce3..bf4274cce00 100644 --- a/rules-threat-hunting/windows/process_creation/proc_creation_win_rundll32_by_ordinal.yml +++ b/rules-threat-hunting/windows/process_creation/proc_creation_win_rundll32_by_ordinal.yml @@ -3,7 +3,7 @@ id: e79a9e79-eb72-4e78-a628-0e7e8f59e89c status: stable description: Detects calls of DLLs exports by ordinal numbers via rundll32.dll. references: - - https://techtalk.pcmatic.com/2017/11/30/running-dll-files-malware-analysis/ + - https://web.archive.org/web/20200530031906/https://techtalk.pcmatic.com/2017/11/30/running-dll-files-malware-analysis/ - https://github.com/Neo23x0/DLLRunner - https://twitter.com/cyb3rops/status/1186631731543236608 - https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ 
diff --git a/rules/linux/auditd/lnx_auditd_unix_shell_configuration_modification.yml b/rules/linux/auditd/lnx_auditd_unix_shell_configuration_modification.yml index 5c76b3f5bdf..125006950c0 100644 --- a/rules/linux/auditd/lnx_auditd_unix_shell_configuration_modification.yml +++ b/rules/linux/auditd/lnx_auditd_unix_shell_configuration_modification.yml @@ -7,7 +7,7 @@ status: test description: Detect unix shell configuration modification. Adversaries may establish persistence through executing malicious commands triggered when a new shell is opened. references: - https://objective-see.org/blog/blog_0x68.html - - https://www.glitch-cat.com/p/green-lambert-and-attack + - https://web.archive.org/web/20221204161143/https://www.glitch-cat.com/p/green-lambert-and-attack - https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat author: Peter Matkovski, IAI date: 2023/03/06 diff --git a/rules/web/webserver_generic/web_jndi_exploit.yml b/rules/web/webserver_generic/web_jndi_exploit.yml index 83c9ac28dd4..538c64f0b22 100644 --- a/rules/web/webserver_generic/web_jndi_exploit.yml +++ b/rules/web/webserver_generic/web_jndi_exploit.yml @@ -4,7 +4,7 @@ status: test description: Detects exploitation attempt using the JNDI-Exploit-Kit references: - https://github.com/pimps/JNDI-Exploit-Kit - - https://githubmemory.com/repo/FunctFan/JNDIExploit + - https://web.archive.org/web/20231015205935/https://githubmemory.com/repo/FunctFan/JNDIExploit author: Florian Roth (Nextron Systems) date: 2021/12/12 modified: 2022/12/25 diff --git a/rules/windows/image_load/image_load_dll_rstrtmgr_suspicious_load.yml b/rules/windows/image_load/image_load_dll_rstrtmgr_suspicious_load.yml index 3508612218f..ad640f5bc42 100644 --- a/rules/windows/image_load/image_load_dll_rstrtmgr_suspicious_load.yml +++ b/rules/windows/image_load/image_load_dll_rstrtmgr_suspicious_load.yml 
@@ -11,7 +11,7 @@ description: | references: - https://www.crowdstrike.com/blog/windows-restart-manager-part-1/ - https://www.crowdstrike.com/blog/windows-restart-manager-part-2/ - - https://www.swascan.com/cactus-ransomware-malware-analysis/ + - https://web.archive.org/web/20231221193106/https://www.swascan.com/cactus-ransomware-malware-analysis/ - https://taiwan.postsen.com/business/88601/Hamas-hackers-use-data-destruction-software-BiBi-which-consumes-a-lot-of-processor-resources-to-wipe-Windows-computer-data--iThome.html author: Luc Génaux date: 2023/11/28 diff --git a/rules/windows/image_load/image_load_dll_rstrtmgr_uncommon_load.yml b/rules/windows/image_load/image_load_dll_rstrtmgr_uncommon_load.yml index 67cecc0da57..62b11f22489 100644 --- a/rules/windows/image_load/image_load_dll_rstrtmgr_uncommon_load.yml +++ b/rules/windows/image_load/image_load_dll_rstrtmgr_uncommon_load.yml @@ -11,7 +11,7 @@ description: | references: - https://www.crowdstrike.com/blog/windows-restart-manager-part-1/ - https://www.crowdstrike.com/blog/windows-restart-manager-part-2/ - - https://www.swascan.com/cactus-ransomware-malware-analysis/ + - https://web.archive.org/web/20231221193106/https://www.swascan.com/cactus-ransomware-malware-analysis/ - https://taiwan.postsen.com/business/88601/Hamas-hackers-use-data-destruction-software-BiBi-which-consumes-a-lot-of-processor-resources-to-wipe-Windows-computer-data--iThome.html author: Luc Génaux date: 2023/11/28 diff --git a/rules/windows/image_load/image_load_side_load_appverifui.yml b/rules/windows/image_load/image_load_side_load_appverifui.yml index 0e06be8b9db..43932ba19da 100644 --- a/rules/windows/image_load/image_load_side_load_appverifui.yml +++ b/rules/windows/image_load/image_load_side_load_appverifui.yml 
@@ -3,7 +3,7 @@ id: ee6cea48-c5b6-4304-a332-10fc6446f484 status: test description: Detects potential DLL sideloading of "appverifUI.dll" references: - - https://fatrodzianko.com/2020/02/15/dll-side-loading-appverif-exe/ + - https://web.archive.org/web/20220519091349/https://fatrodzianko.com/2020/02/15/dll-side-loading-appverif-exe/ author: X__Junior (Nextron Systems) date: 2023/06/20 tags: diff --git a/rules/windows/network_connection/net_connection_win_domain_dead_drop_resolvers.yml b/rules/windows/network_connection/net_connection_win_domain_dead_drop_resolvers.yml index b4e27a38dbd..17d1e842eec 100644 --- a/rules/windows/network_connection/net_connection_win_domain_dead_drop_resolvers.yml +++ b/rules/windows/network_connection/net_connection_win_domain_dead_drop_resolvers.yml @@ -8,7 +8,7 @@ description: | Detects an executable, which is not an internet browser or known application, initiating network connections to legit popular websites, which were seen to be used as dead drop resolvers in previous attacks. In this context attackers leverage known websites such as "facebook", "youtube", etc. In order to pass through undetected. references: - - https://content.fireeye.com/apt-41/rpt-apt41 + - https://web.archive.org/web/20220830134315/https://content.fireeye.com/apt-41/rpt-apt41/ - https://securelist.com/the-tetrade-brazilian-banking-malware/97779/ - https://blog.bushidotoken.net/2021/04/dead-drop-resolvers-espionage-inspired.html - https://github.com/kleiton0x00/RedditC2 diff --git a/rules/windows/process_creation/proc_creation_win_hktl_secutyxploded.yml b/rules/windows/process_creation/proc_creation_win_hktl_secutyxploded.yml index 11962f445b4..a4dff503acb 100644 --- a/rules/windows/process_creation/proc_creation_win_hktl_secutyxploded.yml +++ b/rules/windows/process_creation/proc_creation_win_hktl_secutyxploded.yml 
@@ -4,7 +4,7 @@ status: stable description: Detects the execution of SecurityXploded Tools references: - https://securityxploded.com/ - - https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/ + - https://web.archive.org/web/20200601000524/https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/ author: Florian Roth (Nextron Systems) date: 2018/12/19 modified: 2023/02/04 diff --git a/rules/windows/process_creation/proc_creation_win_java_susp_child_process.yml b/rules/windows/process_creation/proc_creation_win_java_susp_child_process.yml index 76637ef15c9..9f367f33688 100644 --- a/rules/windows/process_creation/proc_creation_win_java_susp_child_process.yml +++ b/rules/windows/process_creation/proc_creation_win_java_susp_child_process.yml @@ -6,7 +6,7 @@ related: status: experimental description: Detects suspicious processes spawned from a Java host process which could indicate a sign of exploitation (e.g. log4j) references: - - https://www.lunasec.io/docs/blog/log4j-zero-day/ + - https://web.archive.org/web/20231230220738/https://www.lunasec.io/docs/blog/log4j-zero-day/ author: Andreas Hunkeler (@Karneades), Florian Roth date: 2021/12/17 modified: 2024/01/18 diff --git a/rules/windows/process_creation/proc_creation_win_java_susp_child_process_2.yml b/rules/windows/process_creation/proc_creation_win_java_susp_child_process_2.yml index 70e02fb6726..48cf1412e5b 100644 --- a/rules/windows/process_creation/proc_creation_win_java_susp_child_process_2.yml +++ b/rules/windows/process_creation/proc_creation_win_java_susp_child_process_2.yml 
@@ -6,7 +6,7 @@ related: status: test description: Detects shell spawned from Java host process, which could be a sign of exploitation (e.g. log4j exploitation) references: - - https://www.lunasec.io/docs/blog/log4j-zero-day/ + - https://web.archive.org/web/20231230220738/https://www.lunasec.io/docs/blog/log4j-zero-day/ author: Andreas Hunkeler (@Karneades), Nasreddine Bencherchali date: 2021/12/17 modified: 2024/01/18 diff --git a/rules/windows/process_creation/proc_creation_win_netsh_fw_add_rule.yml b/rules/windows/process_creation/proc_creation_win_netsh_fw_add_rule.yml index 7e36ad11364..0a903d4187e 100644 --- a/rules/windows/process_creation/proc_creation_win_netsh_fw_add_rule.yml +++ b/rules/windows/process_creation/proc_creation_win_netsh_fw_add_rule.yml @@ -3,7 +3,7 @@ id: cd5cfd80-aa5f-44c0-9c20-108c4ae12e3c status: test description: Detects the addition of a new rule to the Windows firewall via netsh references: - - https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf + - https://web.archive.org/web/20190508165435/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf author: Markus Neis, Sander Wiebing date: 2019/01/29 modified: 2023/02/10 diff --git a/rules/windows/process_creation/proc_creation_win_pua_advancedrun.yml b/rules/windows/process_creation/proc_creation_win_pua_advancedrun.yml index af649249af9..fc72e197338 100644 --- a/rules/windows/process_creation/proc_creation_win_pua_advancedrun.yml +++ b/rules/windows/process_creation/proc_creation_win_pua_advancedrun.yml 
@@ -8,7 +8,7 @@ description: Detects the execution of AdvancedRun utility references: - https://twitter.com/splinter_code/status/1483815103279603714 - https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3 - - https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ + - https://www.elastic.co/security-labs/operation-bleeding-bear - https://www.winhelponline.com/blog/run-program-as-system-localsystem-account-windows/ author: Florian Roth (Nextron Systems) date: 2022/01/20 diff --git a/rules/windows/process_creation/proc_creation_win_pua_advancedrun_priv_user.yml b/rules/windows/process_creation/proc_creation_win_pua_advancedrun_priv_user.yml index f285dcdb8a9..331d4a3e8dc 100644 --- a/rules/windows/process_creation/proc_creation_win_pua_advancedrun_priv_user.yml +++ b/rules/windows/process_creation/proc_creation_win_pua_advancedrun_priv_user.yml @@ -8,7 +8,7 @@ description: Detects the execution of AdvancedRun utility in the context of the references: - https://twitter.com/splinter_code/status/1483815103279603714 - https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3 - - https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ + - https://www.elastic.co/security-labs/operation-bleeding-bear - https://www.winhelponline.com/blog/run-program-as-system-localsystem-account-windows/ author: Florian Roth (Nextron Systems) date: 2022/01/20 diff --git a/rules/windows/process_creation/proc_creation_win_pua_nsudo.yml b/rules/windows/process_creation/proc_creation_win_pua_nsudo.yml index 8521ff1f8b6..9da2bd8591b 100644 --- a/rules/windows/process_creation/proc_creation_win_pua_nsudo.yml +++ b/rules/windows/process_creation/proc_creation_win_pua_nsudo.yml 
@@ -3,7 +3,7 @@ id: 771d1eb5-9587-4568-95fb-9ec44153a012 status: test description: Detects the use of NSudo tool for command execution references: - - https://nsudo.m2team.org/en-us/ + - https://web.archive.org/web/20221019044836/https://nsudo.m2team.org/en-us/ - https://www.winhelponline.com/blog/run-program-as-system-localsystem-account-windows/ author: Florian Roth (Nextron Systems), Nasreddine Bencherchali date: 2022/01/24 diff --git a/rules/windows/process_creation/proc_creation_win_susp_proc_wrong_parent.yml b/rules/windows/process_creation/proc_creation_win_susp_proc_wrong_parent.yml index c6d598d71e5..f89f6fd2441 100644 --- a/rules/windows/process_creation/proc_creation_win_susp_proc_wrong_parent.yml +++ b/rules/windows/process_creation/proc_creation_win_susp_proc_wrong_parent.yml @@ -3,7 +3,7 @@ id: 96036718-71cc-4027-a538-d1587e0006a7 status: test description: Detect suspicious parent processes of well-known Windows processes references: - - https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2 + - https://web.archive.org/web/20180718061628/https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2 - https://www.carbonblack.com/2014/06/10/screenshot-demo-hunt-evil-faster-than-ever-with-carbon-black/ - https://www.13cubed.com/downloads/windows_process_genealogy_v2.pdf author: vburov diff --git a/rules/windows/process_creation/proc_creation_win_svchost_execution_with_no_cli_flags.yml b/rules/windows/process_creation/proc_creation_win_svchost_execution_with_no_cli_flags.yml index 14a13591f6e..8c3c5f9be7d 100644 --- a/rules/windows/process_creation/proc_creation_win_svchost_execution_with_no_cli_flags.yml +++ b/rules/windows/process_creation/proc_creation_win_svchost_execution_with_no_cli_flags.yml 
@@ -3,7 +3,7 @@ id: 16c37b52-b141-42a5-a3ea-bbe098444397 status: test description: It is extremely abnormal for svchost.exe to spawn without any CLI arguments and is normally observed when a malicious process spawns the process and injects code into the process memory space. references: - - https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2 + - https://web.archive.org/web/20180718061628/https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2 author: David Burkett, @signalblur date: 2019/12/28 modified: 2022/06/27 diff --git a/rules/windows/process_creation/proc_creation_win_whoami_execution_from_high_priv_process.yml b/rules/windows/process_creation/proc_creation_win_whoami_execution_from_high_priv_process.yml index ca3d55e499d..45e25fe47b4 100644 --- a/rules/windows/process_creation/proc_creation_win_whoami_execution_from_high_priv_process.yml +++ b/rules/windows/process_creation/proc_creation_win_whoami_execution_from_high_priv_process.yml @@ -7,7 +7,7 @@ status: experimental description: Detects the execution of "whoami.exe" by privileged accounts that are often abused by threat actors references: - https://speakerdeck.com/heirhabarov/hunting-for-privilege-escalation-in-windows-environment - - https://nsudo.m2team.org/en-us/ + - https://web.archive.org/web/20221019044836/https://nsudo.m2team.org/en-us/ author: Florian Roth (Nextron Systems), Teymur Kheirkhabarov date: 2022/01/28 modified: 2023/12/04
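Review bot: In the win_system_apt_turla_service_png.yml hunk (and equally in every other hunk here that shows a `modified:` line), the reference swap leaves the date untouched, e.g. `modified: 2021/11/30` stays as-is; confirm that reference-only edits are exempt under the project's modified-date convention, otherwise each of these files needs its `modified` bumped in the same change.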
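Review bot: In the proxy_susp_class_extension_request.yml hunk the unchanged description context reads "This could rules can be used to hunt for potential downloads of Java classes", which is a typo; since the file is already being touched, suggest "This rule can be used to hunt for potential downloads of Java classes" in the same change.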
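Review bot: In the net_connection_win_domain_dead_drop_resolvers.yml hunk the archived replacement ends in `rpt-apt41/` while the removed line ended in `rpt-apt41` without the trailing slash; check that the snapshot path with the slash actually resolves rather than redirecting to an empty capture. Minor, same hunk: the description context "etc. In order to pass through undetected." is a sentence fragment and could be joined to the preceding sentence while the file is open.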
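Review bot: The two AdvancedRun hunks (proc_creation_win_pua_advancedrun.yml and proc_creation_win_pua_advancedrun_priv_user.yml) and the Turla hunk replace the dead link with a live publisher URL (`https://www.elastic.co/security-labs/operation-bleeding-bear`, `https://research.nccgroup.com/2018/11/22/turla-png-dropper-is-back/`) rather than a web.archive.org snapshot like the rest of the patch; that is the right choice when the content moved, but please confirm each new URL serves the same article the rule originally cited, and consider noting in the PR description which links were relocated versus archived.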