high
advisory
Suspicious Startup Shell Folder Modification
2 rules, 1 TTP
Detects suspicious modifications to the Windows Startup shell folder, a technique used to bypass detections that only monitor file creation in the Windows Startup folder.
Microsoft Defender XDR +4
persistence
registry
startup
medium
advisory
Suspicious Scripts in the Startup Directory
2 rules, 2 TTPs
Identifies script engines creating files in the Windows Startup folder, or the creation of script files there, a persistence technique adversaries use to have scripts execute automatically at user login.
Elastic Defend +1
persistence
startup
windows
attack.persistence
medium
advisory
Suspicious Process Writing to Startup Folder for Persistence
2 rules, 1 TTP
Adversaries may establish persistence by writing malicious files to the Windows Startup folder, allowing them to execute automatically at user logon; this detection identifies suspicious processes creating files in these locations.
Microsoft Defender XDR +2
persistence
startup
windows