Suspicious Powershell In Registry Run Keys (8d85cf08-bf97-4260-ba49-986a2a65129c)

Detects potential PowerShell commands or code within registry run keys

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious Powershell In Registry Run Keys (8d85cf08-bf97-4260-ba49-986a2a65129c)	Sigma-Rules	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2