microsoft / Microsoft-365-Defender-Hunting-Queries

Sample queries for Advanced hunting in Microsoft 365 Defender
MIT License

Add modification-of-exefile-shell-open-key.md #431

Open Karneades opened 3 years ago

Karneades commented 3 years ago

Add first detection of the exefile shell open key to the repo. See also https://twitter.com/swisscom_csirt/status/1461686311769759745 for a short description. It is currently used by Lokibot for persistence. Sneaky! Once in a while not only tasks, services or run keys are used, yay!
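For readers of this thread, here is an added example of what a hunting query for this persistence technique can look like (my own illustration, not the query file in this PR). It assumes the standard Advanced hunting `DeviceRegistryEvents` schema and flags any write to the `exefile\shell\open\command` handler whose data is not the Windows default `"%1" %*`.

```kusto
// Added example, not the PR's query: changes to the exefile shell open handler.
// Windows runs the command stored here every time an .exe is launched, so a
// modified value proxies every executable start through whatever binary is
// written there. Default data is "%1" %*; anything else is worth a look.
DeviceRegistryEvents
| where Timestamp > ago(30d)
| where ActionType in ("RegistryValueSet", "RegistryKeyCreated")
// Covers both HKLM\SOFTWARE\Classes and HKCU\Software\Classes variants.
| where RegistryKey matches regex @"(?i)\\Classes\\exefile\\shell\\open\\command$"
// Keep key creations (no data yet) and any value that is not the default handler.
| where isempty(RegistryValueData) or RegistryValueData !~ @"""%1"" %*"
| project Timestamp, DeviceName, ActionType, RegistryKey, RegistryValueName,
    RegistryValueData, InitiatingProcessAccountName, InitiatingProcessFileName,
    InitiatingProcessCommandLine, InitiatingProcessParentFileName
| order by Timestamp desc
```

Software installers occasionally touch this key; check the initiating process and the written command before treating a hit as the Lokibot-style persistence described above.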

ghost commented 3 years ago

CLA assistant check
All CLA requirements met.