VSTO: The Payload Installer That Probably Defeats Your Application Whitelisting Rules
Tags
attack-pattern: Add-Ins - T1137.006 Sharepoint - T1213.002 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID dc460be2-1ee2-43a8-908e-9af53d10099c
Fingerprint 9d1dc21a28aba69c
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 31, 2018, 4:54 a.m.
Added to db Jan. 18, 2023, 9:12 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline bohops
Title VSTO: The Payload Installer That Probably Defeats Your Application Whitelisting Rules
Detected Hints/Tags/Attributes 28/1/7
Source URLs
Redirection Url
Details Source https://bohops.com/2018/01/31/vsto-the-payload-installer-that-probably-defeats-your-application-whitelisting-rules/
URL Provider
Details Provider Source level domain
Details bohops.com bohops.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
microsoft.office.tools
Details File 1 
appname.dll
Details File 3 
utilities.dll
Details File 380 
notepad.exe
Details File 1 
vstoevil.dll
Details File 55 
control.exe
Details File 3 
vstoinstaller.exe