t1550.003
| Title | Tags |
| --- | --- |
| Although highly unlikely, legitimate applications may use the same command-line parameters as Mimikatz. | t1550.003, endpoint, splunk |
| Although unlikely, legitimate applications may use the same command-line parameters as NetExec. Filter as needed. | t1550.003, t1558.003, T1558.004, endpoint, splunk |
| Legitimate applications may obtain a handle for winlogon.exe. Filter as needed. | t1550.003, endpoint, splunk |
| Web browsers and third-party applications might generate similar activity. An initial baseline is required. | t1550, t1550.003, t1558, t1558.003, windows, sigma |