Hide Schedule Task Via Index Value Tamper (5b16df71-8615-4f7f-ac9b-6c43c0509e61)
Detects when the "index" value of a scheduled task is modified from the registry Which effectively hides it from any tooling such as "schtasks /query" (Read the referenced link for more information about the effects of this technique)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Hide Schedule Task Via Index Value Tamper (5b16df71-8615-4f7f-ac9b-6c43c0509e61) | Sigma-Rules | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |