Installation of Time Providers¶

Attackers may establish persistence by registering a DLL with Windows as a valid time provider.

id:	3056a14a-59d9-43d3-84b5-738b4b8c3dd7
categories:	enrich
confidence:	low
os:	windows
created:	7/26/2019
updated:	7/26/2019

MITRE ATT&CK™ Mapping¶

tactics:	Persistence
techniques:	T1209 Time Providers

Query¶

registry where
  registry_path == "*\\System\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\*"

Contributors¶

Endgame

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.