Suspicious Debugger Registration Cmdline (ae215552-081e-44c7-805f-be16f975c8a2)

Detects the registration of a debugger for a program that is available in the logon screen (sticky key backdoor).

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Debugger Registration Cmdline (ae215552-081e-44c7-805f-be16f975c8a2) | Sigma-Rules | Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | 2 |