Suspicious ConfigSecurityPolicy Execution (1f0f6176-6482-4027-b151-00071af39d7e)
File upload, credential or data exfiltration using a binary that is part of Windows Defender
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious ConfigSecurityPolicy Execution (1f0f6176-6482-4027-b151-00071af39d7e) | Sigma-Rules | Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | 1 |