sentry

click_tracking

disable_posthog_tracking

suborganization_creation

microsoft_non_admin_onboarding

google_non_admin_onboarding

hide_hip_progress_bar

expose_inline_message_meta

safelinks_click_tracking

show_enable_inline_processing

mlv_actions_filter

attack_score_likely_benign

search_recipients_field

self_serve_password_reset

rlv_auto_review

rule_effectiveness_auto_review

m365_mailbox_counts

ms365_cert_based_auth

mdv_redirect_original_canonical_id_to_cluster_id

ignore_asr_priority_counts

priority_view_overview

mql_as_graymail

mdv_summary_card

mql_as_spam

self_serve_fix_gmail_reports

spam_graymail_classifications

overview_v2_fe

overview_v2_labels

message_group_filters

domain_per_rule_exclusions

hip_mlv_sticky_table_revalidation

remediation_in_progress_ui

mdv_large_insight_cells

rule_exclusions_in_elv

message_groups_best_match

user_report_auto_replies

inline_webhook_alerts

force_disable_all_frontend_slurp_restrictions

onboarding_abuse_mailbox_route

mdv_asa

custom_rbac_ui

mdv_asa_button_all_messages

auto_replies_acknowledge_ui

auto_replies_classification_ui

mdv_asa_overview_card

new_rule_detail_view

public_label_detail_view

asa_full_response

mdv_asa_chain_of_thought

disable_mailboxes_ui

user_reports_overview_ui

asa_in_eml_analyzer_ui

email_bomb_mdv

Sublime Core Feed

Macro references the ShellBrowserWindow COM object which can be used to spawn new processes from Explorer.exe rather than as a child process of the Office application. This can be useful for a threat actor attempting to evade security controls.


Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation

Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation

Labels

Description

References

Playground

Share

Get Started. Today.