Tag
medium
advisory
Suspicious Scripts in the Startup Directory
2 rules, 2 TTPs
This rule identifies script engines creating files, or script files being created, in the Windows Startup folder, a persistence technique adversaries use to automatically execute scripts upon user login.
Elastic Defend +1
persistence
startup
windows
attack.persistence
medium
advisory
Suspicious Process Writing to Startup Folder for Persistence
2 rules, 1 TTP
Adversaries may establish persistence by writing malicious files to the Windows Startup folder, allowing them to automatically execute upon user logon; this detection identifies suspicious processes creating files in these locations.
Microsoft Defender XDR +2
persistence
startup
windows