Potential Persistence Via Microsoft Office Add-In (8e1cb247-6cf6-42fa-b440-3f27d57e9936)

Detects potential persistence activity via startup add-ins that load when Microsoft Office starts (.wll/.xll are simply .dll fit for Word or Excel).

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential Persistence Via Microsoft Office Add-In (8e1cb247-6cf6-42fa-b440-3f27d57e9936)	Sigma-Rules	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2