Potential Remote Code Execution Via Outlook Form

Rule Info

Name
Potential Remote Code Execution Via Outlook Form
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the creation of a new file with a ".DLL" extension in the Outlook Forms folder. This might indicate an attacker using Outlook forms for persistence or remote code execution, as seen in exploitation of CVE-2024-21378.
Date
2024-03-12 00:00:00
Modified
None
Id
9e0bfbbe-d3d1-4b05-bc12-c5038d040108
Tags
attack.persistence attack.t1137.003
Type
Nextron Sigma feed only (private)

Rule History