Suspicious Reg Add Open Command (dd3ee8cc-f751-41c9-ba53-5a32ed47e563)
Threat actors dumped the SAM, SECURITY and SYSTEM registry hives using the DelegateExecute key.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Suspicious Reg Add Open Command (dd3ee8cc-f751-41c9-ba53-5a32ed47e563) | Sigma-Rules | 1 |