S0002
Detections: 12
Sources: 1
Threat Actors: 0
BY SOURCE
sigma: 12
PROCEDURES (8)
Dump: 3 detections
Auto-extracted: 3 detections for dump
Suspicious: 2 detections
Auto-extracted: 2 detections for suspicious
Credential: 2 detections
Auto-extracted: 2 detections for credential
Process Access: 1 detection
Auto-extracted: 1 detection for process access
Process Access: 1 detection
Auto-extracted: 1 detection for process access
Mimikatz: 1 detection
Auto-extracted: 1 detection for mimikatz
Mimikatz: 1 detection
Auto-extracted: 1 detection for mimikatz
Credential: 1 detection
Auto-extracted: 1 detection for credential
DETECTIONS (12)
Credential Dumping Attempt Via WerFault (sigma, high)
HackTool - Generic Process Access (sigma, high)
LSASS Access From Potentially White-Listed Processes (sigma, high)
LSASS Access From Program In Potentially Suspicious Folder (sigma, medium)
LSASS Memory Access by Tool With Dump Keyword In Name (sigma, high)
Mimikatz DC Sync (sigma, high)
Mimikatz Use (sigma, high)
Potential Credential Dumping Activity Via LSASS (sigma, medium)
Potentially Suspicious GrantedAccess Flags On LSASS (sigma, medium)
Remote LSASS Process Access Through Windows Remote Management (sigma, high)
Successful Overpass the Hash Attempt (sigma, high)
Uncommon GrantedAccess Flags On LSASS (sigma, medium)