Skip to content

Hide Navigation Hide TOC

MITRE BZAR Indicators for Persistence (53389db6-ba46-48e3-a94c-e0f2cefe1583)

Windows DCE-RPC functions which indicate a persistence techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.

Cluster A Galaxy A Cluster B Galaxy B Level
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern MITRE BZAR Indicators for Persistence (53389db6-ba46-48e3-a94c-e0f2cefe1583) Sigma-Rules 1
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2