<<< Hide Navigation Hide TOC >>>
VBScript Payload Stored in Registry (46490193-1b22-4c29-bdd6-5bf63907216f)
Detects VBScript content stored into registry keys as seen being used by UNC2452 group
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | VBScript Payload Stored in Registry (46490193-1b22-4c29-bdd6-5bf63907216f) | Sigma-Rules | 1 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |