Common Information
| Type | Value |
|---|---|
| Value |
Add-ins - T1137.006 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may abuse Microsoft Office add-ins to obtain persistence on a compromised system. Office add-ins can be used to add functionality to Office programs. (Citation: Microsoft Office Add-ins) There are different types of add-ins that can be used by the various Office products; including Word/Excel add-in Libraries (WLL/XLL), VBA add-ins, Office Component Object Model (COM) add-ins, automation add-ins, VBA Editor (VBE), Visual Studio Tools for Office (VSTO) add-ins, and Outlook add-ins. (Citation: MRWLabs Office Persistence Add-ins)(Citation: FireEye Mail CDS 2018) Add-ins can be used to obtain persistence because they can be set to execute code when an Office application starts. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-07 | 0 | How Do I Open Access in Safe Mode? Quick & Easy Guide | ||
| Details | Website | 2024-09-06 | 1 | Microsoft Office 2024 to disable ActiveX controls by default | ||
| Details | Website | 2024-09-03 | 13 | Vulnerabilities in Microsoft apps for macOS allow stealing permissions | ||
| Details | Website | 2024-08-19 | 48 | How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions | ||
| Details | Website | 2024-05-15 | 45 | To the Moon and back(doors): Lunar landing in diplomatic missions | ||
| Details | Website | 2023-11-20 | 3 | Are DarkGate and PikaBot the New QakBot? | Cofense | ||
| Details | Website | 2023-11-01 | 1 | Latest RAT attack surge bypasses Microsoft's XLL block | ||
| Details | Website | 2023-10-31 | 1 | Malware 'meal kits' give attackers the ingredients to bypass detection | ||
| Details | Website | 2023-10-31 | 0 | HP Wolf Security Threat Insights Report Q3 2023 | HP Wolf Security | ||
| Details | Website | 2023-10-22 | 1 | How to Fix Outlook Error Code _0x80070021 | ||
| Details | Website | 2023-10-05 | 14 | Qakbot-affiliated actors distribute Ransom Night malware despite infrastructure takedown | ||
| Details | Website | 2023-09-18 | 85 | Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis | ||
| Details | Website | 2023-06-08 | 34 | 2022 Activities Summary of SectorJ groups (ENG) – Red Alert | ||
| Details | Website | 2023-05-31 | 20 | Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks — Elastic Security Labs | ||
| Details | Website | 2023-05-02 | 2 | In this update, we share with you the main developments from April | ||
| Details | Website | 2023-05-02 | 54 | Polish Healthcare Industry Targeted by Vidar Infostealer Likely Linked to Djvu Ransomware | ||
| Details | Website | 2023-04-29 | 83 | Bluepurple Pulse: week ending April 30th | ||
| Details | Website | 2023-04-22 | 3 | LetsDefend: Malicious Document Analysis with REMnux | ||
| Details | Website | 2023-04-17 | 2 | Microsoft Products as an Attack Vector | ||
| Details | Website | 2023-04-08 | 1 | DoNotSpy11 comes to Windows 11 22H2 Moment 2, Windows 10 22H2 | ||
| Details | Website | 2023-04-05 | 14 | Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark | ||
| Details | Website | 2023-04-03 | 0 | Microsoft OneNote Starts Blocking Dangerous File Extensions | ||
| Details | Website | 2023-03-01 | 8 | Introducing Aladdin - LRQA Nettitude Labs | ||
| Details | Website | 2023-02-21 | 23 | Your Office Document is at Risk - XLL, A New Attack Vector | ||
| Details | Website | 2023-02-03 | 1 | Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware |