Persistence via NetSh Key¶
The tool NetShell allows for the creation of helper DLLs, which are loaded into netsh.exe every time it executes.
This is used by attackers to establish persistence.
| id: | 5f9a71f4-f5ef-4d35-aff8-f67d63d3c896 |
|---|---|
| categories: | detect |
| confidence: | medium |
| os: | windows |
| created: | 11/30/2018 |
| updated: | 11/30/2018 |
MITRE ATT&CK™ Mapping¶
| tactics: | Persistence |
|---|---|
| techniques: | T1128 Netsh Helper DLL |
Query¶
registry where registry_path == "*\\Software\\Microsoft\\NetSh\\*"