HackTool - RemoteKrbRelay SMB Relay Secrets Dump Module Indicators (3ab79e90-9fab-4cdf-a7b2-6522bc742adb)
Detects the creation of file with specific names used by RemoteKrbRelay SMB Relay attack module.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | HackTool - RemoteKrbRelay SMB Relay Secrets Dump Module Indicators (3ab79e90-9fab-4cdf-a7b2-6522bc742adb) | Sigma-Rules | 1 |