Potential Persistence Via Logon Scripts - Registry (9ace0707-b560-49b8-b6ca-5148b42f39fb)

Detects creation of the "UserInitMprLogonScript" registry value, which can be used as a persistence method by malicious actors.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) | Attack Pattern | Potential Persistence Via Logon Scripts - Registry (9ace0707-b560-49b8-b6ca-5148b42f39fb) | Sigma-Rules | 1 |
| Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) | Attack Pattern | Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | 2 |