Update proc_creation_win_weak_or_abused_passwords.yml

rules/windows/process_creation/proc_creation_win_weak_or_abused_passwords.yml

@@ -5,9 +5,10 @@ description: Detects weak passwords or often abused passwords (seen used by thre
 references:
     - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments
     - https://thedfirreport.com/2022/09/26/bumblebee-round-two/
+    - https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/
 author: Nasreddine Bencherchali
 date: 2022/09/14
-modified: 2022/09/27
+modified: 2022/11/08
 tags:
     - attack.defense_evasion
     - attack.execution
@@ -19,7 +20,7 @@ detection:
         CommandLine|contains:
             # Add more passwords
             - 'Asd123.aaaa'
-            - 'password123'
+            - 'password123' # Also covers PASSWORD123123! as seen in https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/
             - '123456789'
             - 'P@ssw0rd!'
     condition: selection