Product
medium
advisory
Persistence via Windows Installer (Msiexec)
3 rules 3 TTPsAdversaries may establish persistence by abusing the Windows Installer (msiexec.exe) to create scheduled tasks or modify registry run keys, allowing for malicious code execution upon system startup or user logon.
Windows +21
persistence
defense-evasion
3r
3t
medium
advisory
Potential Persistence via Time Provider Modification
2 rules 2 TTPsAdversaries may establish persistence by registering and enabling a malicious DLL as a time provider by modifying registry keys associated with the W32Time service.
Windows +1
persistence
privilege-escalation
time-provider
2r
2t