Windows Filtering Platform: Persistent state under the hood
Tags
attack-pattern: Data
Common Information
Type | Value |
---|---|
UUID | c3ceea2c-da95-4049-a650-0b8d9498d123 |
Fingerprint | af13ea5268188476 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | March 4, 2016, midnight |
Added to db | Jan. 18, 2023, 8:42 p.m. |
Last updated | Dec. 20, 2024, 1:38 p.m. |
Headline | Windows Filtering Platform: Persistent state under the hood |
Title | Windows Filtering Platform: Persistent state under the hood |
Detected Hints/Tags/Attributes | 34/1/15 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 217 | | msdn.microsoft.com |
Domain | 1 | | www2.opengroup.org |
Domain | 3 | | pubs.opengroup.org |
File | 3 | | bfe.dll |
File | 8 | | netio.sys |
File | 1 | | toc.pdf |
File | 1 | | cc243560.aspx |
File | 8 | | firewallapi.dll |
Url | 1 | | http://msdn.microsoft.com/en-us/library/windows/desktop/aa366509(v=vs.85).aspx |
Url | 1 | | https://www2.opengroup.org/ogsys/catalog/c706 |
Url | 1 | | http://pubs.opengroup.org/onlinepubs/009629399/toc.pdf |
Url | 1 | | http://msdn.microsoft.com/en-us/library/cc243560.aspx |
Url | 1 | | http://msdn.microsoft.com/en-us/library/windows/desktop/aa378635(v=vs.85).aspx |
Windows Registry Key | 1 | | HKLM\SYSTEM\ControlSet001\Services\BFE\Parameters\Policy\BootTime |
Windows Registry Key | 1 | | HKLM\SYSTEM\ControlSet001\Services\BFE\Parameters\Policy\Persistent |