EXPLORE
Sign In
← Back to Explore
T1137.006

Add-ins

Adversaries may abuse Microsoft Office add-ins to obtain persistence on a compromised system. Office add-ins can be used to add functionality to Office programs. (Citation: Microsoft Office Add-ins) There are different types of add-ins that can be used by the various Office products; including Word/Excel add-in Libraries (WLL/XLL), VBA add-ins, Office Component Object Model (COM) add-ins, automation add-ins, VBA Editor (VBE), Visual Studio Tools for Office (VSTO) add-ins, and Outlook add-ins. (C...

WindowsOffice Suite
6
Detections
2
Sources
1
Threat Actors

BY SOURCE

4sigma2elastic

PROCEDURES (5)

Registry Monitoring2 detections

Auto-extracted: 2 detections for registry monitoring

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

File Monitoring1 detections

Auto-extracted: 1 detections for file monitoring

Email Security1 detections

Auto-extracted: 1 detections for email security

THREAT ACTORS (1)

Naikon

DETECTIONS (6)

Code Executed Via Office Add-in XLL File
sigmahigh
Persistence via Microsoft Office AddIns
elastichigh
Potential Persistence Via Excel Add-in - Registry
sigmahigh
Potential Persistence Via Microsoft Office Add-In
sigmahigh
Potential Persistence Via Visual Studio Tools for Office
sigmamedium
Suspicious Execution via Microsoft Office Add-Ins
elasticmedium