Suspicious registry additions #1

JouniMi · 2025-02-09T12:31:00Z

Added queries to find for suspicious registry additions.

Change(s):

Adding Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-base64-encoded-registry-keys.yaml
Adding Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-command-interpreters-added-to-registry.yaml
Adding Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-keywords-in-registry.yaml -

Reason for Change(s):

Adding hunting queries for finding suspicious registry entries

Added queries to find for suspicious registry additions. Change(s): Adding Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-base64-encoded-registry-keys.yaml Adding Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-command-interpreters-added-to-registry.yaml Adding Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-keywords-in-registry.yaml Reason for Change(s): Adding hunting queries for finding suspicious registry entries

Removed the fields which causes failures.

JouniMi added 2 commits February 9, 2025 14:26

Removed the RemoteSession fields

49109b8

Removed the fields which causes failures.

JouniMi closed this Feb 11, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Suspicious registry additions #1

Suspicious registry additions #1

JouniMi commented Feb 9, 2025

Suspicious registry additions #1

Suspicious registry additions #1

Conversation

JouniMi commented Feb 9, 2025