SigmaHQ/rules/windows/builtin/win_alert_mimikatz_keywords.yml
2018-01-27 10:57:30 +01:00


title: Mimikatz Use
description: This method detects mimikatz keywords in different Eventlogs (some of them only appear in older Mimikatz versions that are however still used by different threat groups)
author: Florian Roth
logsource:
    product: windows
detection:
    keywords:
        - mimikatz
        - mimilib
        - <3 eo.oe
        - eo.oe.kiwi
        - privilege::debug
        - sekurlsa::logonpasswords
        - lsadump::sam
        - mimidrv.sys
    condition: keywords
falsepositives:
    - Naughty administrators
    - Penetration test
level: critical
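As an added example that is not part of the SigmaHQ rule or its repository, the following Python script extracts the keyword list from the rule text above and applies the matching semantics a Sigma backend gives a bare `keywords` block (case-insensitive substring search across the whole event) to a few constructed Windows event strings, reporting which events fire and on which keywords. The sample events, the helper names and the minimal stdlib parser for the YAML list are assumptions made for illustration; a real pipeline would load the rule with a YAML library and run it through a Sigma backend.

```python
import re

# Rule text copied from the page; only the 'keywords:' list is consumed below.
RULE_TEXT = """\
title: Mimikatz Use
logsource:
    product: windows
detection:
    keywords:
        - mimikatz
        - mimilib
        - <3 eo.oe
        - eo.oe.kiwi
        - privilege::debug
        - sekurlsa::logonpasswords
        - lsadump::sam
        - mimidrv.sys
    condition: keywords
level: critical
"""


def parse_keywords(rule_text):
    """Minimal extraction of the 'keywords:' list items (assumed helper; a real
    loader would use PyYAML). Stops at the first non-list line after the block."""
    keywords, in_list = [], False
    for line in rule_text.splitlines():
        stripped = line.strip()
        if stripped == "keywords:":
            in_list = True
            continue
        if in_list:
            if stripped.startswith("- "):
                keywords.append(stripped[2:].strip())
            elif stripped:
                break
    return keywords


def compile_keywords(keywords):
    """Build one case-insensitive alternation; re.escape keeps '.' in
    'mimidrv.sys' and '<3 eo.oe' literal."""
    return re.compile("|".join(re.escape(k) for k in keywords), re.IGNORECASE)


def match_event(event, pattern):
    """Return the sorted, lower-cased keywords found anywhere in one event string
    (a keywords block searches every field, so the whole text is scanned)."""
    return sorted({m.group(0).lower() for m in pattern.finditer(event)})


def scan(events, keywords=None):
    """Apply the rule to a list of event strings; return (index, hits) for each
    event that would raise the alert."""
    pattern = compile_keywords(keywords or parse_keywords(RULE_TEXT))
    results = []
    for i, ev in enumerate(events):
        hits = match_event(ev, pattern)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample events, flattened to "key=value" text the way a SIEM
# might expose them; indices 0 and 2 should match, 1 and 3 should not.
SAMPLE_EVENTS = [
    'EventID=1 Image=C:\\Tools\\mimikatz.exe '
    'CommandLine="mimikatz.exe privilege::debug sekurlsa::logonpasswords exit"',
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\notepad.exe',
    'EventID=7045 ServiceName=mimidrv ImagePath=C:\\Windows\\Temp\\MIMIDRV.SYS',
    'EventID=4624 LogonType=2 AccountName=alice',
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx} -> Mimikatz Use (level: critical), keywords: {hits}")
```

Note that the third sample event matches on the driver file name alone even though the service name `mimidrv` is not itself a keyword, and that matching is case-insensitive, which is why the upper-case `MIMIDRV.SYS` still fires.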