Windows Disableantispyware Registry

Description

The search looks for the Registry Key DisableAntiSpyware set to disable. This is consistent with Ryuk infections across a fleet of endpoints.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

The search looks for the Registry Key DisableAntiSpyware set to disable. This is consistent with Ryuk infections across a fleet of endpoints.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Defense Evasion

MITRE ATT&CK Techniques

Impair Defenses

Disable or Modify Tools

MITRE Threat Groups

BRONZE BUTLER
FIN6
Gamaredon Group
Gorgon Group
Kimsuky
Lazarus Group
Night Dragon
Putter Panda
Rocke
Turla
Wizard Spider

Data Sources


   Help

Windows Disableantispyware Registry Help

You must be ingesting data that records the process-system activity from your hosts to populate the Endpoint Processes data-model object. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.

   Search

Open in Search