Registry Modifications to Change Default Programs Handling Files

Rule Info

Name
Registry Modifications to Change Default Programs Handling Files
Author
X__Junior
Description
Detects change to the default program handling file extension, which could be used by threat actors to run there malware when a certain extension is opened.
Reference
Internal Research
Date
2024-10-28 00:00:00
Modified
None
Id
27e754cd-fdd2-4264-95e8-fa626133cc5c
Tags
attack.defense-evasion attack.t1112
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022