Macro Enabled In A Potentially Suspicious Document (a166f74e-bf44-409d-b9ba-ea4b2dd8b3cd)
Detects registry changes to Office trust records where the path is located in a potentially suspicious location.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Macro Enabled In A Potentially Suspicious Document (a166f74e-bf44-409d-b9ba-ea4b2dd8b3cd) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |