Potentially Suspicious COM DLL Loaded By Outlook.EXE

Rule Info

Name
Potentially Suspicious COM DLL Loaded By Outlook.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects load of DLL located in the Outlook FORMS directory. This could be an indication of a potential exploitation of CVE-2024-21378 or potential persistence via Outlook FORMS.
Reference
https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/
Date
2024-03-12 00:00:00
Modified
None
Id
e77bfa3d-e43c-4477-9855-18692db4c3d1
Tags
attack.execution attack.t1204.002
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022