https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_schtasks_reg_loader_encoded/
Scheduled Task Executing Encoded Payload from Registry | Detection.FYI
Detects the creation of a schtask that potentially executes a base64 encoded payload stored in the Windows Registry using PowerShell.
https://detection.fyi/sigmahq/sigma/emerging-threats/2020/malware/blue-mockingbird/registry_set_mal_blue_mockingbird/
Blue Mockingbird - Registry | Detection.FYI
Attempts to detect system changes made by Blue Mockingbird
https://detection.fyi/sigmahq/sigma/windows/registry/registry_set/registry_set_uac_bypass_wmp/
UAC Bypass Using Windows Media Player - Registry | Detection.FYI
Detects the pattern of UAC Bypass using Windows Media Player osksupport.dll (UACMe 32)
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_schtasks_reg_loader/
Scheduled Task Executing Payload from Registry | Detection.FYI
Detects the creation of a schtask that potentially executes a payload stored in the Windows Registry using PowerShell.
https://detection.fyi/sigmahq/sigma/windows/registry/registry_event/registry_event_add_local_hidden_user/
Creation of a Local Hidden User Account by Registry | Detection.FYI
Sysmon registry detection of a local hidden user account.
https://detection.fyi/sigmahq/sigma/windows/registry/registry_set/registry_set_add_load_service_in_safe_mode/
Registry Persistence via Service in Safe Mode | Detection.FYI
Detects the modification of the registry to allow a driver or service to persist in Safe Mode.
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_vulnerable_driver_blocklist_registry_tampering/
Vulnerable Driver Blocklist Registry Tampering Via CommandLine | Detection.FYI
Detects tampering of the Vulnerable Driver Blocklist registry via command line tools such as PowerShell or REG.EXE. The Vulnerable Driver Blocklist is a …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_credential_guard_registry_tampering/
Windows Credential Guard Registry Tampering Via CommandLine | Detection.FYI
Detects attempts to add, modify, or delete Windows Credential Guard related registry keys or values via command line tools such as Reg.exe or PowerShell. …
https://detection.fyi/sigmahq/sigma/windows/registry/registry_set/registry_set_persistence_mycomputer/
Potential Persistence Via MyComputer Registry Keys | Detection.FYI
Detects modification to the
https://detection.fyi/sigmahq/sigma/windows/registry/registry_event/registry_event_susp_atbroker_change/
Atbroker Registry Change | Detection.FYI
Detects creation/modification of Assistive Technology applications and persistence with usage of 'at'
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_reg_windows_defender_tamper/
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE | Detection.FYI
Detects the usage of
https://detection.fyi/sigmahq/sigma/windows/registry/registry_event/registry_event_redmimicry_winnti_reg/
RedMimicry Winnti Playbook Registry Manipulation | Detection.FYI
Detects actions caused by the RedMimicry Winnti playbook
https://detection.fyi/sigmahq/sigma/windows/registry/registry_set/registry_set_lsa_disablerestrictedadmin/
RestrictedAdminMode Registry Value Tampering | Detection.FYI
Detects changes to the
https://detection.fyi/sigmahq/sigma/emerging-threats/2018/ta/apt32-oceanlotus/registry_event_apt_oceanlotus_registry/
OceanLotus Registry Activity | Detection.FYI
Detects registry keys created in OceanLotus (also known as APT32) attacks
https://detection.fyi/sigmahq/sigma/application/rpc_firewall/rpc_firewall_remote_registry_lateral_movement/
Remote Registry Lateral Movement | Detection.FYI
Detects remote RPC calls to modify the registry and possibly execute code.
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_registry_special_accounts_hide_user/
Hiding User Account Via SpecialAccounts Registry Key - CommandLine | Detection.FYI
Detects changes to the registry key