Potential Persistence Attempt Via Existing Service Tampering (38879043-7e1e-47a9-8d46-6bec88e201df)

Detects the modification of an existing service in order to execute an arbitrary payload when the service is started or killed as a potential method for persistence.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Potential Persistence Attempt Via Existing Service Tampering (38879043-7e1e-47a9-8d46-6bec88e201df)	Sigma-Rules	1
Potential Persistence Attempt Via Existing Service Tampering (38879043-7e1e-47a9-8d46-6bec88e201df)	Sigma-Rules	Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2