Product
medium
advisory
Suspicious WMI Image Load from MS Office
2 rules 1 TTPAdversaries may exploit Windows Management Instrumentation (WMI) to execute code stealthily, bypassing traditional security measures by loading `wmiutils.dll` from Microsoft Office applications, potentially indicating malicious execution.
WINWORD.EXE +4
wmi
image load
office
execution
2r
1t
high
advisory
Script Execution via Microsoft HTML Application
3 rules 1 TTPDetects the execution of scripts via HTML applications using Windows utilities rundll32.exe or mshta.exe to bypass defenses by proxying execution of malicious content with signed binaries.
Windows +8
defense-evasion
script-execution
3r
1t