Microsoft-365-Defender-Hunting-Queries icon indicating copy to clipboard operation
Microsoft-365-Defender-Hunting-Queries copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Add modification-of-exefile-shell-open-key.md

Open Karneades opened this issue 3 years ago • 1 comments

Add first detection of the exefile shell open key to the repo. See also https://twitter.com/swisscom_csirt/status/1461686311769759745 for a short description. It is currently used by Lokibot for persistence. Sneaky! Once in a while not only tasks, services or run keys are used, yay!

Karneades avatar Nov 19 '21 19:11 Karneades

CLA assistant check
All CLA requirements met.

ghost avatar Nov 19 '21 19:11 ghost