Techniques
Sample rules
Potential Persistence Via MyComputer Registry Keys
- source: sigma
- technicques:
Description
Detects modification to the “Default” value of the “MyComputer” key and subkeys to point to a custom binary that will be launched whenever the associated action is executed (see reference section for example)
Detection logic
condition: selection
selection:
TargetObject|contains: \Microsoft\Windows\CurrentVersion\Explorer\MyComputer
TargetObject|endswith: (Default)