002. Beyond Good Old Run Key
Hello everyone! Today we're going to talk about a very common sub-technique, T1547.001: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder. And, as usual, we'll look at an interesting example.
I think almost every malware family uses this sub-technique for persistence. Why? Because Run keys and Startup folders are also commonly used by legitimate software to autorun, so adversaries can blend in with the compromised environment.
If we look at the MITRE ATT&CK page for this sub-technique, we notice that there are more interesting registry keys than just the classic Run key. For example, the one in the screenshot.
By the way, if you want to learn more about less common persistence mechanisms, make sure to check the Beyond good ol' Run key series on the Hexacorn blog!
See you tomorrow!