VBScript Payload Stored in Registry (46490193-1b22-4c29-bdd6-5bf63907216f)

Detects VBScript content stored into registry keys as seen being used by UNC2452 group

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	VBScript Payload Stored in Registry (46490193-1b22-4c29-bdd6-5bf63907216f)	Sigma-Rules	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2