Tag
Attackers establish persistence by installing a malicious VBA template in Microsoft Outlook, triggering scripts upon application startup by modifying the VBAProject.OTM file, detected by monitoring for unauthorized file modifications.