TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly

C45-2020-01-31-5

Indicators of Compromise (IOC) List

Indicator of Compromise (IOC): HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command key and execute it. When executing the command it will not display a UAC prompt and users will have no idea that a program has been executed. TrickBot is now exploiting this UAC bypass to launch itself
Date Published: 31/01/2020
IOC Type: Win_Registry