Rule Library
Sigma Rules
2 rules found for "David Bertho & Eirik Sveen"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
Potential Persistence Via Outlook Home Page
Detects potential persistence activity via the Outlook Home Page. An attacker can set a home page to achieve code execution and persistence by editing the WebView registry keys.
Windows, Registry Set
TA0005 · Defense Evasion, TA0003 · Persistence, T1112 · Modify Registry
Tobias Michalski +2, Wed Jun 09, windows
Detection · high · test
Potential Persistence Via Outlook Today Page
Detects potential persistence activity via the Outlook Today page. An attacker can set a custom page to execute arbitrary code and link to it via the registry values "URL" and "UserDefinedUrl".
Windows, Registry Set
TA0005 · Defense Evasion, TA0003 · Persistence, T1112 · Modify Registry
Tobias Michalski +2, Thu Jun 10, windows