Outlook

Attackers establish persistence by installing a malicious VBA template in Microsoft Outlook, triggering scripts upon application startup by modifying the VBAProject.OTM file, detected by monitoring for unauthorized file modifications.

Attackers modify Outlook security settings via registry changes to enable malicious mail rules and bypass security controls, potentially leading to persistence and data compromise.

The detection identifies the modification of the Windows Registry key 'PONT_STRING' under Outlook Options by a process other than Outlook.exe, potentially indicating malware activity such as NotDoor.