Removal Of SD Value to Hide Schedule Task - Registry (acd74772-5f88-45c7-956b-6a7b36c294d2)
Removal of the SD (Security Descriptor) value in the \Schedule\TaskCache\Tree registry hive to hide a scheduled task. This technique is used by the Tarrask malware.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Removal Of SD Value to Hide Schedule Task - Registry (acd74772-5f88-45c7-956b-6a7b36c294d2) | Sigma-Rules | 1 |