attack.S0650 | Detection.FYI

QBot process creation from scheduled task REGSVR32 (regsvr32.exe), -s flag and SYSTEM in the command line
Jan 8, 2023 · attack.persistence attack.privilege_escalation attack.t1053.005 attack.S0650 attack.qbot ·
Share on:
Detects the process creation from Scheduled Task with REGSVR32 (regsvr32.exe), -s flag and SYSTEM in the command line

Read More
QBot scheduled task REGSVR32 with C$ image path
Jan 8, 2023 · attack.persistence attack.privilege_escalation attack.t1053.005 attack.S0650 attack.qbot ·
Share on:
Detects the creation of Scheduled Task with REGSVR32 (regsvr32.exe) and C$ in the image path field

Read More