Removal Of SD Value to Hide Schedule Task - Registry (acd74772-5f88-45c7-956b-6a7b36c294d2)
Remove SD (Security Descriptor) value in \Schedule\TaskCache\Tree registry hive to hide schedule task. This technique is used by Tarrask malware
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Removal Of SD Value to Hide Schedule Task - Registry (acd74772-5f88-45c7-956b-6a7b36c294d2) | Sigma-Rules | 1 |