Common Information
Type | Value |
---|---|
Value | Add-ins - T1137.006 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may abuse Microsoft Office add-ins to obtain persistence on a compromised system. Office add-ins can be used to add functionality to Office programs. (Citation: Microsoft Office Add-ins) There are different types of add-ins that can be used by the various Office products, including Word/Excel add-in Libraries (WLL/XLL), VBA add-ins, Office Component Object Model (COM) add-ins, automation add-ins, VBA Editor (VBE), Visual Studio Tools for Office (VSTO) add-ins, and Outlook add-ins. (Citation: MRWLabs Office Persistence Add-ins)(Citation: FireEye Mail CDS 2018) Add-ins can be used to obtain persistence because they can be set to execute code when an Office application starts. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-01-01 | 13 | IOCs/xlling-in-excel-malicious-add-ins.txt at main · Cisco-Talos/IOCs | ||
Details | Website | 2022-12-28 | 2 | APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector | ||
Details | Website | 2022-12-28 | 0 | Microsoft Excel Add-ins Emerges As New Attack Vector By APT Hackers | IT Security News | ||
Details | Website | 2022-12-28 | 0 | APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector | IT Security News | ||
Details | Website | 2022-12-21 | 3 | Cisco’s Talos security bods predict new wave of Excel Hell | ||
Details | Website | 2022-12-21 | 103 | Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT | ||
Details | Website | 2022-12-20 | 4 | SentinelSneak in the wild. Malicious XLLs. Cyber incidents in the hybrid war. | ||
Details | Website | 2022-12-07 | 7 | 'Resume.xll' File Being Distributed in Korea (LockBit 2.0) - ASEC BLOG | ||
Details | Website | 2022-09-26 | 5 | Visual Basic for Applications - Wikipedia | ||
Details | Website | 2022-07-07 | 10 | Ekipa Remote Access Trojan Designed by Russian Hacktivists for “Targeted Attacks” | Threat Intelligence | CloudSEK | ||
Details | Website | 2022-04-04 | 15 | Uncommon office malware stagers | ||
Details | Website | 2022-03-24 | 4 | Vidar spyware is now hidden in Microsoft help files | ||
Details | Website | 2022-03-08 | 15 | Excel Add-ins Deliver JSSLoader Malware | ||
Details | Website | 2022-01-14 | 10 | How Attackers Use XLL Malware to Infect Systems | HP Wolf Security | ||
Details | Website | 2022-01-01 | 0 | What is Protected View? | ||
Details | Website | 2022-01-01 | 1 | Add or remove add-ins in Excel | ||
Details | Website | 2021-12-20 | 65 | InfoSec Handlers Diary Blog - SANS Internet Storm Center | ||
Details | Website | 2021-12-07 | 75 | Windows 10 RCE: The exploit is in the link | Positive Security | ||
Details | Website | 2021-12-05 | 10 | Malicious Excel XLL add-ins push RedLine password-stealing malware | ||
Details | Website | 2021-09-22 | 34 | Malicious PowerPoint Documents on the Rise | McAfee Blog | ||
Details | Website | 2021-07-22 | 0 | Service to Embed Documents with Malicious Executables for Sale on Cybercrime Forum | Threat Intelligence | CloudSEK | ||
Details | Website | 2021-03-30 | 1 | Security baseline for Microsoft 365 Apps for enterprise (v2103, March 2021) - DRAFT | ||
Details | Website | 2020-05-28 | 0 | ICS / OT security risks of industrial application stores | ||
Details | Website | 2019-03-07 | 0 | Restricting or blocking Office 2016/2019 macros with Group Policy | ||
Details | Website | 2018-12-12 | 1 | Configuring Office 365 Microsoft Teams and Skype for Business federation |