Potential Persistence Via Netsh Helper DLL - Registry

Rule Info

Name
Potential Persistence Via Netsh Helper DLL - Registry
Author
Anish Bogati
Description
Detects changes to the Netsh registry key to add a new DLL value. This change might be an indication of a potential persistence attempt by adding a malicious Netsh helper
Reference
https://www.ired.team/offensive-security/persistence/t1128-netsh-helper-dll
Date
2023-11-28 00:00:00
Modified
None
Id
c90362e0-2df3-4e61-94fe-b37615814cb1
Tags
attack.persistence attack.t1546.007
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=c90362e0-2df3-4e61-94fe-b37615814cb1

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test`
2024-10-01
08c52c367
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Nasreddine Bencherchali
Merge PR #4602 from @nasbench - Update Netsh DLL Helper Abuse Rules
2023-11-28
6bcbd61fb
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022