Added new malwarebytes reference for Cab File Expansion rule

rules/windows/process_creation/sysmon_expand_cabinet_files.yml

@@ -3,9 +3,11 @@ status: experimental
 id: 9f107a84-532c-41af-b005-8d12a607639f
 author: Bhabesh Raj
 date: 2021/07/30
+modified: 2021/08/31
 description: Adversaries can use the inbuilt expand utility to decompress cab files as seen in recent Iranian MeteorExpress attack
 references:
     - https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll
+    - https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/
 tags:
     - attack.execution
     - attack.t1218