rule:
meta:
name: set registry key via offline registry library
namespace: host-interaction/registry
authors:
- johnk3r
scopes:
static: function
dynamic: thread
att&ck:
- Defense Evasion::Modify Registry [T1112]
mbc:
- Operating System::Registry::Set Registry Key [C0036.001]
examples:
- 5fbbfeed28b258c42e0cfeb16718b31c:0x43A6C8
features:
- and:
- api: ORSetValue
- optional:
- api: ORSaveHive
last edited: 2023-11-24 10:34:28