update: add new ref

Author: swachchhanda000

rules/windows/process_creation/proc_creation_win_lolbin_sftp_indirect_cmd_execution.yml

@@ -5,6 +5,7 @@ description: |
     Detects potential abuse of SFTP.exe to execute commands indirectly via ProxyCommand parameter.
     Threat actors can leverage this legitimate Windows binary to bypass security controls and execute arbitrary commands while evading detection.
 references:
+    - https://lolbas-project.github.io/lolbas/Binaries/Sftp/
     - https://news.sophos.com/en-us/2025/05/09/lumma-stealer-coming-and-going/
 author: Swachchhanda Shrawan Poudel (Nextron Systems)
 date: 2025-05-13