Adversaries may abuse Microsoft Office add-ins to obtain persistence on a compromised system. Office add-ins can be used to add functionality to Office programs

Read More

Detect potential persistence via the creation of an excel add-in (XLL) file to make it run automatically when Excel is started.

Read More

Detects potential persistence activity via startup add-ins that load when Microsoft Office starts (.wll/.xll are simply .dll fit for Word or Excel).

Read More

Detects persistence via Visual Studio Tools for Office (VSTO) add-ins in Office applications.

Read More