diff --git a/rules/windows/process_creation/proc_creation_win_susp_iss_module_install.yml b/rules/windows/process_creation/proc_creation_win_susp_iss_module_install.yml
index 9958b70ad..179c83cfb 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_iss_module_install.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_iss_module_install.yml
@@ -5,6 +5,7 @@ description: Detects suspicious IIS native-code module installations via command
 author: Florian Roth
 references:
     - https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/
+    - https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/
 date: 2019/12/11
 modified: 2022/01/07
 logsource:
@@ -19,7 +20,7 @@ detection:
         - '/name:'
     condition: selection
 falsepositives:
-    - Unknown as it may vary from organisation to arganisation how admins use to install IIS modules
+    - Unknown as it may vary from organisation to organisation how admins use to install IIS modules
 level: medium
 tags:
     - attack.persistence
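Review bot: The new reference is added without touching `modified: 2022/01/07`, which sits two context lines below it in the same hunk, so the rule's metadata will claim it was last changed before the Microsoft article it now cites was published. If the project treats any edit to a rule file as a modification (Sigma's usual convention, worth confirming against the contribution guide), the line should become `modified: <YYYY/MM/DD of this commit>` as part of this change. The same applies to the falsepositives wording fix in the second hunk, since it also edits the rule body.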
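Review bot: The corrected falsepositives entry still reads awkwardly on the new line — "how admins use to install IIS modules" — which is a wording point rather than a detection issue. A cleaner form that keeps the meaning is `- Unknown as it may vary from organisation to organisation how admins install IIS modules`. The spelling correction itself is fine and nothing else in the hunk changes.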