Tag
high
threat
Suspicious ImagePath Service Creation in Registry
2 rules 1 TTP
Detection of suspicious ImagePath values written to the registry, indicating potential persistence or privilege escalation via abnormal service creation involving command interpreters or named pipes.
Elastic Endgame +4
persistence
registry
service_creation
medium
advisory
Detect Suspicious Windows Service Installation
2 rules 1 TTP
This detection identifies the creation of new Windows services with suspicious command values, often used for privilege escalation and persistence by malicious actors.
persistence
privilege_escalation
windows
service_creation