Rule Info
Name
Potential PendingFileRenameOperations Tamper
Author
frack113
Description
Detect changes to the "PendingFileRenameOperations" registry key from uncommon or suspicious image locations to stage currently used files for rename after reboot.
Date
2023-01-27 00:00:00
Modified
None
Id
4eec988f-7bf0-49f1-8675-1e6a510b3a2a
Tags
attack.defense_evasion attack.t1036.003 DEMO
Type
Community Rule
Rule History
Author
Title
Date
Commit
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01