Potential Remote Credential Dumping Activity (6e2a900a-ced9-4e4a-a9c2-13e706f9518a)
Detects the default output filenames created when CrackMapExec or Impacket-secretsdump is executed against an endpoint.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Remote Credential Dumping Activity (6e2a900a-ced9-4e4a-a9c2-13e706f9518a) | Sigma-Rules | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 1 |