Code Executed Via Office Add-in XLL File (36fbec91-fa1b-4d5d-8df1-8d8edcb632ad)

Adversaries may abuse Microsoft Office add-ins to obtain persistence on a compromised system. Office add-ins can be used to add functionality to Office programs

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Code Executed Via Office Add-in XLL File (36fbec91-fa1b-4d5d-8df1-8d8edcb632ad)	Sigma-Rules	1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2