Suspicious Startup Folder Persistence (28208707-fe31-437f-9a7f-4b1108b94d2e)

Detects when a file with a suspicious extension is created in the startup folder

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Suspicious Startup Folder Persistence (28208707-fe31-437f-9a7f-4b1108b94d2e)	Sigma-Rules	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2