Rule Library

Sigma Rules

2 rules found for "@scoubimtl"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

New Outlook Macro Created

Detects the creation of a macro file for Outlook.

WindowsFile Event

TA0004 · Privilege EscalationTA0003 · PersistenceTA0011 · Command and ControlT1137 · Office Application Startup+2

@scoubimtlMon Apr 05windows

Detectionhightest

Outlook Macro Execution Without Warning Setting Enabled

Detects the modification of Outlook security setting to allow unprompted execution of macros.

WindowsRegistry Set

TA0004 · Privilege EscalationTA0003 · PersistenceTA0011 · Command and ControlT1137 · Office Application Startup+2

@scoubimtlMon Apr 05windows