Microsoft VBA For Outlook Addin Loaded Via Outlook

Sigma Rules

Summary
This detection rule identifies when the Microsoft VBA for Outlook Add-in (outlvba.dll) is loaded by the Outlook process (outlook.exe). By monitoring the loading of this specific Dynamic Link Library (DLL), the rule aims to detect activity related to Office macro exploits, which threat actors can use for persistence within a Windows environment. The rule operates on image load events and matches those in which Outlook loads this add-in. Because VBA macros are a common attack vector, particularly in phishing campaigns, unexpected or unauthorized loading of these components warrants attention. The rule carries a medium severity level: analysts should investigate any detected instance, bearing in mind that legitimate macro usage can produce false positives. To fit the rule to a specific operational environment, analysts are advised to apply additional filtering to manage false positives effectively.
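To show the selection logic the summary describes, here is an added example (not the rule's own source) that evaluates it over constructed Sysmon-style image load events. The Event ID 7 shape, the `Image`/`ImageLoaded`/`User` field names, the file paths and the per-user allowlist used as a false-positive filter are all assumptions; the page gives only the rule's description.

```python
# Constructed sample events in the shape of Sysmon Event ID 7 (Image loaded);
# field names, users and paths are assumptions, not telemetry from the page.
SAMPLE_EVENTS = [
    {"EventID": 7, "User": "CORP\\alice",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "ImageLoaded": "C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL"},
    {"EventID": 7, "User": "CORP\\alice",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll"},
    {"EventID": 7, "User": "CORP\\bob",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "ImageLoaded": "C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL"},
    {"EventID": 1, "User": "CORP\\alice",   # process creation, not an image load
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"},
]


def matches_outlook_vba_load(event):
    """Mirror the rule's selection: an image load event in which outlook.exe
    loads outlvba.dll. Sigma 'endswith' matching is case-insensitive, so both
    paths are lower-cased before the suffix comparison."""
    if event.get("EventID") != 7:          # only image load events are in scope
        return False
    image = event.get("Image", "").lower()
    loaded = event.get("ImageLoaded", "").lower()
    return image.endswith("\\outlook.exe") and loaded.endswith("\\outlvba.dll")


def find_matches(events, allowlisted_users=()):
    """Return the indices of events the rule would alert on, after applying an
    optional per-user allowlist (an assumed false-positive filter for accounts
    known to run Outlook VBA legitimately; tune it for your environment)."""
    allow = {u.lower() for u in allowlisted_users}
    hits = []
    for idx, event in enumerate(events):
        if not matches_outlook_vba_load(event):
            continue
        if event.get("User", "").lower() in allow:
            continue
        hits.append(idx)
    return hits


if __name__ == "__main__":
    for i in find_matches(SAMPLE_EVENTS):
        e = SAMPLE_EVENTS[i]
        print(f"ALERT (medium): {e['User']} {e['Image']} loaded {e['ImageLoaded']}")
```

Only the first sample event fires: Outlook loading ntdll.dll, Word loading the VBA runtime, and a process-creation event are all outside the rule's selection.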
Categories
  • Endpoint
  • Windows
Data Sources
  • Image
Created: 2023-02-08