Techniques
Sample rules
Potential Persistence Via Netsh Helper DLL - Registry
- source: sigma
- techniques:
  - t1546
  - t1546.007
Description
Detects changes to the Netsh registry key that add a new DLL value. Such a change might indicate a persistence attempt by adding a malicious Netsh helper.
Detection logic
condition: selection
selection:
  Details|contains: .dll
  TargetObject|contains: \SOFTWARE\Microsoft\NetSh
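The following added example (not part of the Sigma rule or the Sigma project's code) evaluates the selection above against constructed registry-set events, showing that both fields must match and that `contains` comparisons are case-insensitive. The function names and all event values are assumptions made for illustration.

```python
# Added example: evaluates the selection above against constructed registry-set events.
RULE = {
    "condition": "selection",
    "selection": {
        "Details|contains": ".dll",
        "TargetObject|contains": r"\SOFTWARE\Microsoft\NetSh",
    },
}

# Constructed sample events (field names as used by the rule; values are made up).
EVENTS = [
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\NetSh\helper", "Details": r"C:\Users\Public\helper.dll"},
    {"TargetObject": r"hklm\software\microsoft\netsh\x", "Details": r"C:\TEMP\X.DLL"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upd", "Details": r"C:\Temp\a.dll"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\NetSh\flag", "Details": "DWORD (0x00000001)"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\NetSh\helper"},  # no Details field
]

def field_matches(event, key, expected):
    """Evaluate one 'Field|modifier: value' entry (only |contains and plain equality)."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False  # a missing field can never satisfy the entry
    # Sigma string comparisons are case-insensitive by default.
    actual, expected = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return expected in actual
    if modifier == "":
        return actual == expected
    raise ValueError(f"unsupported modifier: {modifier}")

def matches(rule, event):
    """All entries of the selection map are ANDed; the condition names one selection."""
    selection = rule[rule["condition"]]
    return all(field_matches(event, k, v) for k, v in selection.items())

def alerts(rule, events):
    """Return the indexes of the events that the rule flags."""
    return [i for i, e in enumerate(events) if matches(rule, e)]

if __name__ == "__main__":
    for i in alerts(RULE, EVENTS):
        print("match:", EVENTS[i])
```

As written, the selection flags any `.dll` value set under the NetSh key, so triage has to separate expected helper registrations from unexpected ones.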