From cce7c5ce3a6daab089b3b13f8af8e6126ace99f3 Mon Sep 17 00:00:00 2001 From: Oddvar Moe Date: Tue, 17 Mar 2020 11:08:47 +0100 Subject: [PATCH] Adjusted error in atbroker as per issue #47 --- yml/OSBinaries/Atbroker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yml/OSBinaries/Atbroker.yml b/yml/OSBinaries/Atbroker.yml index 0d58b23..013ea5b 100644 --- a/yml/OSBinaries/Atbroker.yml +++ b/yml/OSBinaries/Atbroker.yml @@ -19,7 +19,7 @@ Code_Sample: - Code: Detection: - IOC: Changes to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration - - IOC: Changes to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs + - IOC: Changes to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs - IOC: Unknown AT starting C:\Windows\System32\ATBroker.exe /start malware Resources: - Link: http://www.hexacorn.com/blog/2016/07/22/beyond-good-ol-run-key-part-42/