diff --git a/rules/windows/registry_event/sysmon_reg_office_security.yml b/rules/windows/registry_event/sysmon_reg_office_security.yml
index eac91c79d..1ef9cf359 100644
--- a/rules/windows/registry_event/sysmon_reg_office_security.yml
+++ b/rules/windows/registry_event/sysmon_reg_office_security.yml
@@ -4,10 +4,11 @@ status: experimental
 description: Detects registry changes to Office macro settings
 author: Trent Liffick (@tliffick)
 date: 2020/05/22
-modified: 2021/07/12
+modified: 2022/01/10
 references:
     - Internal Research
     - https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/
+    - https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
 tags:
     - attack.defense_evasion
     - attack.t1112