From 798c447317545a9b39bf96e4d424be7da9cd4e7b Mon Sep 17 00:00:00 2001
From: Bhabesh <bhabeshraj678@gmail.com>
Date: Mon, 10 Jan 2022 12:02:01 +0545
Subject: [PATCH] Added new reference for Office Security Settings Changed

---
 rules/windows/registry_event/sysmon_reg_office_security.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules/windows/registry_event/sysmon_reg_office_security.yml b/rules/windows/registry_event/sysmon_reg_office_security.yml
index eac91c79d..1ef9cf359 100644
--- a/rules/windows/registry_event/sysmon_reg_office_security.yml
+++ b/rules/windows/registry_event/sysmon_reg_office_security.yml
@@ -4,10 +4,11 @@ status: experimental
 description: Detects registry changes to Office macro settings
 author: Trent Liffick (@tliffick)
 date: 2020/05/22
-modified: 2021/07/12
+modified: 2022/01/10
 references:
     - Internal Research
     - https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/
+    - https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
 tags:
     - attack.defense_evasion
     - attack.t1112