Registry Persistence via Run Keys
Adversaries can establish persistence by adding an entry to the “run keys” in the registry or startup folder. The referenced program will be executed when a user logs in.
| Field | Value |
|---|---|
| id | c457d0c5-3ec8-4e9e-93f5-6ddcbfeec498 |
| categories | enrich |
| confidence | low |
| os | windows |
| created | 7/26/2019 |
| updated | 7/26/2019 |
MITRE ATT&CK™ Mapping

| Field | Value |
|---|---|
| tactics | Persistence |
| techniques | T1060 Registry Run Keys / Startup Folder |
Query
registry where
registry_path == "*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*"
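
To see which paths the wildcard above actually selects, the following added example (not part of the original analytic) evaluates the same pattern over a few constructed registry events. It assumes the `*` wildcard is matched case-insensitively against the whole `registry_path`; the `event_type` and `id` keys and all sample paths are hypothetical.

```python
import re

# Pattern copied from the query above. In this raw string one backslash
# corresponds to one `\\` escape in the EQL string literal.
PATTERN = r"*\Software\Microsoft\Windows\CurrentVersion\Run*"


def wildcard_to_regex(pattern):
    """Turn a `*` wildcard pattern into an anchored, case-insensitive regex."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(rf"\A{body}\Z", re.IGNORECASE | re.DOTALL)


def matching_events(events, pattern=PATTERN):
    """Return the registry events whose registry_path satisfies the pattern."""
    rx = wildcard_to_regex(pattern)
    return [e for e in events
            if e.get("event_type") == "registry"
            and rx.match(e.get("registry_path", ""))]


# Constructed sample events (assumed field layout, not real telemetry).
SAMPLE_EVENTS = [
    # Per-user Run key: matches.
    {"id": 1, "event_type": "registry", "registry_path":
        r"HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # Different case and RunOnce: still matches because of the trailing `*`.
    {"id": 2, "event_type": "registry", "registry_path":
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\setup"},
    # 32-bit registry view: `Wow6432Node` sits between Software and Microsoft,
    # so the pattern as written does not select it.
    {"id": 3, "event_type": "registry", "registry_path":
        r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Helper"},
    # Run dialog history lives under Explorer\RunMRU: not a match.
    {"id": 4, "event_type": "registry", "registry_path":
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a"},
    # Non-registry event: filtered out before the path check.
    {"id": 5, "event_type": "process", "process_name": "reg.exe"},
]

if __name__ == "__main__":
    for event in matching_events(SAMPLE_EVENTS):
        print(event["id"], event["registry_path"])
```

Because the analytic is rated low confidence, the matched events are a starting point for review of the referenced program, not an alert on their own.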