From 6acc441dcfe20701ff1c9a4f9344093de1f5201f Mon Sep 17 00:00:00 2001
From: Thomas Stromberg <t+github@chainguard.dev>
Date: Wed, 12 Jul 2023 16:46:00 -0400
Subject: [PATCH] Add rustbucket comment

---
 detection/evasion/unexpected-user-executables-macos.sql | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/detection/evasion/unexpected-user-executables-macos.sql b/detection/evasion/unexpected-user-executables-macos.sql
index da91614..672db69 100644
--- a/detection/evasion/unexpected-user-executables-macos.sql
+++ b/detection/evasion/unexpected-user-executables-macos.sql
@@ -2,6 +2,8 @@
 --
 -- references:
 --   * https://www.elastic.co/security-labs/inital-research-of-jokerspy
+--   * https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
+--
 -- false positives:
 --   * none known
 --