Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "Steffen Rogge (dr0pd34d)"

3,707Total
3,116Detection
451Emerging
137Hunting
Threat Huntlowtest

Microsoft Word Add-In Loaded

Detects Microsoft Word loading an Add-In (.wll) file which can be used by threat actors for initial access or persistence.

WindowsImage Load (DLL)
TA0002 · ExecutionT1204.002 · Malicious Filedetection.threat-hunting
Steffen Rogge (dr0pd34d)Wed Jul 10windows