Techniques
Sample rules
Potential Persistence Via Mpnotify
- source: sigma
- techniques:
Description
Detects when an attacker registers a new SIP provider for persistence and defense evasion.
Detection logic
condition: selection
selection:
    TargetObject|contains: \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\mpnotify