From e3bf84fe5147d5a5bb7c2fe6328ea021f4e5f067 Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Fri, 29 Oct 2021 16:25:45 -0400 Subject: [PATCH] Added some ASEPs --- regexes.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/regexes.txt b/regexes.txt index c06c663..03e08ec 100644 --- a/regexes.txt +++ b/regexes.txt @@ -23,5 +23,8 @@ Type,regex,string # Generic cvtres.exe alert, comment out if experiencing false positives 0,\\cvtres\.exe.*,Resource File To COFF Object Conversion Utility cvtres.exe 0,\\cvtres\.exe.*\\AppData\\Local\\Temp\\[A-Z0-9]{7}\.tmp,PSAttack-style command via cvtres.exe +0,Register-ScheduledTask,Command referencing Register-ScheduledTask (possible ASEP) +0,Software\\Microsoft\\Windows\\CurrentVersion\\Run,Reference to registry run key (possible ASEP) +0,reg *add,Registry addition (possible ASEP) 1,^[a-zA-Z]{22}$,Metasploit-style service name: 22 characters, [A-Za-z] 1,^[a-zA-Z]{16}$,Metasploit-style service name: 16 characters, [A-Za-z]
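Review bot: the third added pattern, `0,reg *add,Registry addition (possible ASEP)`, is both too loose and too narrow: `reg *add` means "reg", zero or more spaces, "add", so it matches `regadd` inside an unrelated string yet misses the common `reg.exe add` form and any tab-separated or double-quoted variant. Anchor the command name and allow the extension and arbitrary whitespace, e.g. `\breg(\.exe)?\s+add\b`. The same hunk's other two patterns (`Register-ScheduledTask` and `Software\\Microsoft\\Windows\\CurrentVersion\\Run`) are case-sensitive as written, while PowerShell cmdlet names and registry paths are not, so `register-scheduledtask` or `software\microsoft\windows\currentversion\run` would slip past unless the matcher applies an ignore-case flag; either prefix the patterns with `(?i)` (if the regex engine used by the loader supports it) or note in the file header that matching is case-insensitive. Note also that the Run-key pattern intentionally or not also fires on `RunOnce` and `RunServices` because `Run` is unanchored at the end; if that is the intent, say so in the description string, as the existing cvtres.exe entries do with their comment line. Finally, the scheduled-task entry covers only the PowerShell cmdlet; the `schtasks` equivalent would need its own line if the aim is ASEP coverage rather than PowerShell-specific detection.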