t1001
| Title | Tags |
| --- | --- |
| Companies that may use these default LDAP attributes for personal information | t1001, t1001.003, windows, sigma |
| Other legitimate tools that perform ADSI (LDAP) operations, e.g. any remoting activity by MMC, PowerShell, Windows, etc. | t1001, t1001.003, windows, sigma |
| Some legitimate virtual machine setups or automated testing environments may run QEMU with the -nographic flag. Review and whitelist approved systems to reduce false alerts. | t1001, t1036, t1204.002, t1564.006, endpoint, splunk |
| Some security tools or legitimate debugging processes may decode config files similar to PowGoop. Review and whitelist trusted applications to reduce false alerts. | t1001, t1059.001, endpoint, splunk |