start minifilter driver

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: start minifilter driver
    namespace: host-interaction/filter
    authors:
      - michael.hunhoff@mandiant.com
    scopes:
      static: basic block
      dynamic: call
    mbc:
      - Hardware::Load Driver::Minifilter [C0023.001]
    references:
      - https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/filter-manager-concepts
    examples:
      - B5F85C26D7AA5A1FB4AF5821B6B5AB9B:0x406360
  features:
    - and:
      - api: FltStartFiltering

last edited: 2023-11-24 10:35:00