Tag
medium
advisory
Detection of Persistent Scripts in the Startup Directory
2 rules 2 TTPsThis rule identifies script engines creating files in the Startup folder, or the creation of script files in the Startup folder, enabling adversaries to maintain persistence by placing malicious scripts or shortcuts in the Windows Startup folder, which are then executed during account logon.
Windows
persistence
startup-folder
malware
2r
2t
medium
advisory
Startup Folder Persistence by Suspicious Processes
2 rules 1 TTPThis rule identifies files written to or modified in the startup folder by commonly abused processes on Windows systems, a technique adversaries use to maintain persistence by automatically executing malicious programs upon user login or system startup.
Windows +2
persistence
startup-folder
2r
1t