Common Information
Type Value
Value Active Setup - T1547.014
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup is a Windows mechanism that is used to execute programs when a user logs in. The value stored in the Registry key will be executed after a user logs into the computer. (Citation: Klein Active Setup 2010) These programs will be executed under the context of the user and will have the account's associated permissions level. Adversaries may abuse Active Setup by creating a key under <code>HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\</code> and setting a malicious value for <code>StubPath</code>. This value will serve as the program that will be executed when a user logs into the computer. (Citation: Mandiant Glyer APT 2010) (Citation: Citizenlab Packrat 2015) (Citation: FireEye CFR Watering Hole 2012) (Citation: SECURELIST Bright Star 2015) (Citation: paloalto Tropic Trooper 2016) Adversaries can abuse these components to execute malware, such as remote access tools, to maintain persistence through system reboots. Adversaries may also use [Masquerading](https://attack.mitre.org/techniques/T1036) to make the Registry entries look as if they are associated with legitimate programs.
Details Published Attributes CTI Title
Details Website 2023-11-19 327 I was getting a MacAfee scam on Facebook - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-11-09 544 How do I fix visiting PCRisk & ScamAdviser & subjection to a drive-by download? - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-11-07 241 Trojan:Win32/Vigorf.A - Identified by MS Windows Defender - but not Removed - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-10-29 464 Opened email document (.wsk?)Changes screen resolution/ locks right click mouse - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-10-29 156 I have a trojan, and was told that have several other issues that need adressed - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-10-29 169 Windows Command Processor is requesting permission to make changes - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-10-28 244 PC restarted by program, not sure if infected - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-10-27 182 Persistent files. Stay even after I reinstall Windows. Is it malware? - Windows 10 Discussion
Details Website 2023-10-23 251 Suspected malware/trojan - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-10-23 258 May have got infected connecting external wrong exteranal hard drive - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-08-06 529 PC infected by URL:Phishing - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-07-27 312 Syndic8 Yahoo Browser Hijack - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-07-24 303 Random clicks, and folders open which I never opened - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-07-22 300 Infection exposure risk concern and incomplete Avira AntiVirus uninstall - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-07-19 434 Want to make sure inherited laptop is clean of viruses, malware - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-07-14 462 Virus detected by a program, nothing found in Windows Defender or Malwarebytes - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-30 298 Possible infection related to Cookie Settings ................... AGAIN!!!! - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-29 308 Checking on some odd Windows behavior - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-24 277 Integrated Camera Not Working - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-23 267 Threat Roundup for June 16 to June 23
Details Website 2023-06-20 331 Possible malware found in PDF that is not detected by antivirus - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-11 107 Persistent Rootkit which enables bad actors to control device remotely - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-06 298 Debit Card Keeps Getting Unauthorized Access - Virus, Trojan, Spyware, and Malware Removal Help
Details Website 2023-06-02 384 Threat Roundup for May 26 to June 2
Details Website 2023-05-24 373 XMRig Miner - Virus, Trojan, Spyware, and Malware Removal Help