Tag
medium
advisory
Encoded Executable Stored in the Registry
2 rules 3 TTPs 1 IOCThis rule detects registry modifications used to hide encoded portable executables, indicating a defense evasion technique where adversaries avoid storing malicious content directly on disk by writing encoded executables to the Windows Registry.
Windows
defense-evasion
registry-modification
encoded-executable
2r
3t
1i
high
advisory
Detection of Hidden Encoded Executables via Registry Modification
3 rules 3 TTPsAttackers can hide and execute malicious code by storing it in encoded form within the Windows Registry and then executing it, evading traditional file-based detection mechanisms.
Windows
defense-evasion
registry-modification
encoded-executable
3r
3t