StickyKeys_Registry_Backdoor

Name: StickyKeys_Registry_Backdoor
Searches for the presence of the 'Debugger' registry key for common Windows accessibility tools. More info: (https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/):

Query:
SELECT * FROM registry WHERE key LIKE 'HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options%%' and name='Debugger';
Additional Query Info:
Version: 2.2.1
Platform: windows
Interval: 3600

JSON:
{
  "queries": {
    "StickyKeys_Registry_Backdoor": {
      "query" : "SELECT * FROM registry WHERE key LIKE 'HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options%%' and name='Debugger';",
      "interval" : "3600",
      "platform" : "windows",
      "version": "2.2.1",
      "description" : "Searches for the presence of the 'Debugger' registry key for common Windows accessibility tools. More info: (https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/)",
      "value" : ""
    }
  }
}

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com