Potential Persistence Via DLLPathOverride

Sigma Rules

Summary
This detection rule identifies potential persistence mechanisms in which attackers manipulate the `DLLPathOverride` value within the `Natural Language` registry key. Specifically, it targets registry modifications that are likely intended to invoke malicious behavior via the `SearchIndexer.exe` process. By monitoring for specific changes under the `\
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
Created: 2022-07-21