| DET0496 | Behavior-Chain Detection for Remote Access Tools (Tool-Agnostic) | T1219 |
| DET0312 | Detect Active Setup Persistence via StubPath Execution | T1547.014 |
| DET0225 | Detect unauthorized LSASS driver persistence via LSA plugin abuse (Windows) | T1547.008 |
| DET0361 | Detecting .NET COM Registration Abuse via Regsvcs/Regasm | T1218.009 |
| DET0222 | Detecting MMC (.msc) Proxy Execution and Malicious COM Activation | T1218.014 |
| DET0194 | Detection of Malicious Control Panel Item Execution via control.exe or Rundll32 | T1218.002 |
| DET0328 | Detection of Malicious Profile Installation via CMSTP.exe | T1218.003 |
| DET0422 | Detection Strategy for IFEO Injection on Windows | T1546.012 |
| DET0317 | Detection Strategy for Impair Defenses Across Platforms | T1562 |
| DET0116 | Detection Strategy for Safe Mode Boot Abuse | T1562.009 |
| DET0056 | Detection Strategy for Subvert Trust Controls via Install Root Certificate. | T1553.004 |