T1588 #144
Description
https://attack.mitre.org/techniques/T1588/
sigma:
builtin/application/Other/win_av_relevant_match.yml: - attack.t1588
process_creation/proc_creation_win_hktl_execution_via_imphashes.yml: - attack.t1588.002
process_creation/proc_creation_win_hktl_execution_via_pe_metadata.yml: - attack.t1588.002
process_creation/proc_creation_win_renamed_sysinternals_debugview.yml: - attack.t1588.002
process_creation/proc_creation_win_sysinternals_eula_accepted.yml: - attack.t1588.002
registry/registry_set/registry_set_pua_sysinternals_execution_via_eula.yml: - attack.t1588.002
registry/registry_set/registry_set_pua_sysinternals_renamed_execution_via_eula.yml: - attack.t1588.002
registry/registry_set/registry_set_pua_sysinternals_susp_execution_via_eula.yml: - attack.t1588.002
registry/registry_set/registry_set_renamed_sysinternals_eula_accepted.yml: - attack.t1588.002
registry/registry_set/registry_set_susp_keyboard_layout_load.yml: - attack.t1588.002