Description
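MITRE ATT&CK T1068 (Exploitation for Privilege Escalation): https://attack.mitre.org/techniques/T1068/
Sigma rules carrying the attack.t1068 tag (each line is the rule file path followed by the matching tag line):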
builtin/application/microsoft-windows_audit_cve/win_audit_cve.yml: - attack.t1068
driver_load/driver_load_win_mal_drivers.yml: - attack.t1068
driver_load/driver_load_win_mal_drivers_names.yml: - attack.t1068
driver_load/driver_load_win_vuln_drivers.yml: - attack.t1068
driver_load/driver_load_win_vuln_drivers_names.yml: - attack.t1068
file/file_event/file_event_win_sysinternals_procexp_driver_susp_creation.yml: - attack.t1068
file/file_event/file_event_win_sysinternals_procmon_driver_susp_creation.yml: - attack.t1068
process_creation/proc_creation_win_hktl_sharpsuccessor_execution.yml: - attack.t1068
process_creation/proc_creation_win_hktl_sysmoneop.yml: - attack.t1068
process_creation/proc_creation_win_spoolsv_susp_child_processes.yml: - attack.t1068