Malware Persistence without the Windows Registry | Mandiant
Tags
| attack-pattern: | Data Dll Search Order Hijacking - T1574.001 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 Dll Search Order Hijacking - T1038 |
Common Information
| Type | Value |
|---|---|
| UUID | 8a678a60-c77c-424e-a3e8-770eb90c61fe |
| Fingerprint | 3d9c991e27a746c4 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 15, 2010, midnight |
| Added to db | Nov. 6, 2023, 7:10 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Malware Persistence without the Windows Registry |
| Title | Malware Persistence without the Windows Registry | Mandiant |
| Detected Hints/Tags/Attributes | 29/1/18 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 21 | blogs.msdn.com |
|
| Details | File | 1 | 187752.aspx |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 53 | iphlpapi.dll |
|
| Details | File | 15 | mswsock.dll |
|
| Details | File | 175 | update.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | windowsntshrui.dll |
|
| Details | File | 12 | ntshrui.dll |
|
| Details | File | 1 | itunessspicli.dll |
|
| Details | File | 1 | itunescryptbase.dll |
|
| Details | File | 1 | itunescorefoundation.dll |
|
| Details | File | 1 | itunesmsvcr80.dll |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | Url | 1 | http://msdn.microsoft.com/en-us/library/ms682586(vs.85).aspx |
|
| Details | Url | 1 | http://blogs.msdn.com/b/larryosterman/archive/2004/07/19/187752.aspx |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINESystemCurrentControlSetControlSession |