Trust Access Disable For VBApplications (1a5c46e9-f32f-42f7-b2bc-6e9084db7fbf)
Detects registry changes to Microsoft Office "AccessVBOM" to a value of "1" which disables trust access for VBA on the victim machine and lets attackers execute malicious macros without any Microsoft Office warnings.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Trust Access Disable For VBApplications (1a5c46e9-f32f-42f7-b2bc-6e9084db7fbf) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |