Python Function Execution Security Warning Disabled In Excel - Registry

Rule Info

Name
Python Function Execution Security Warning Disabled In Excel - Registry
Author
Nasreddine Bencherchali (Nextron Systems), @Kostastsale
Description
Detects changes to the registry value "PythonFunctionWarnings" that would prevent any warnings or alerts from showing when Python functions are about to be executed. Threat actors could run malicious code through the new Microsoft Excel feature that allows Python to run within the spreadsheet.
Reference
https://support.microsoft.com/en-us/office/data-security-and-python-in-excel-33cc88a4-4a87-485e-9ff9-f35958278327
Date
2024-08-23 00:00:00
Modified
None
Id
17e53739-a1fc-4a62-b1b9-87711c2d5e44
Tags
attack.defense-evasion attack.t1562.001
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=17e53739-a1fc-4a62-b1b9-87711c2d5e44

Rule History

Author
Title
Date
Commit
Kostas
Merge PR #4961 from @tsale - Add multiples rules and updates
2024-08-29
2851ef5d1
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022