Tag
high
advisory
Windows EventLog Autologger Session Disabled via Registry Modification
2 rules 1 TTP
Adversaries may attempt to disable Windows EventLog autologger sessions via registry modification to evade detection and prevent security monitoring of early boot activities and system events.
Windows
attack.defense-evasion
attack.t1562.002
high
threat
Windows AutoLogger Session Tampering Detection
3 rules 1 TTP
Attackers may disable AutoLogger sessions by modifying specific registry values to evade detection and prevent security monitoring of early boot activities and system events, a technique observed in intrusions involving IcedID and XingLocker ransomware.
exploited
Windows
attack.defense-evasion
attack.t1562.002