Fodhelper UAC Bypass

 1title: Fodhelper UAC Bypass
 2status: experimental
 3description: Fodhelper UAC Bypass
 4author: Joe Security
 5date: 2020-07-30
 6id: 200082
 7threatname:
 8behaviorgroup: 26
 9classification: 7
10mitreattack:
11
12logsource:
13    category: process_creation
14    product: windows
15detection:
16    selection:
17        CommandLine:
18            - '*reg add*hkcu\software\classes\ms-settings\shell\open\command*'
19    condition: selection
20level: critical