SPL
DLL Serach Oreder Hijacking (mitre : T1574.001)
Description
1 0
index=* ((((EventCode="4688" OR EventCode="1") AND ((CommandLine="*reg*" CommandLine="*add*" CommandLine="*/d*") OR (CommandLine="*Set-ItemProperty*" CommandLine="*-value*")) AND (CommandLine="*00000000*" OR CommandLine="*0*") AND CommandLine="*SafeDllSearchMode*") OR ((EventCode="4657") ObjectValueName="SafeDllSearchMode" value="0")) OR ((EventCode="13") EventType="SetValue" TargetObject="*SafeDllSearchMode" Details="DWORD (0x00000000)")) | fields EventCode,EventType,TargetObject,Details,CommandLine,ObjectValueName,value
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.