Closed Aegrah closed 3 months ago
Increased rule scope for this rule to not just cover /etc/rc.local and /etc/rc.common, but more scripts that can potentially be used for persistence. 0 hits in telemetry last 90d, 66 hits in my stack (related to malware, RTA's and testing).
Summary
Increased rule scope for this rule to not just cover /etc/rc.local and /etc/rc.common, but more scripts that can potentially be used for persistence. 0 hits in telemetry last 90d, 66 hits in my stack (related to malware, RTA's and testing).