LoFP
/
t1570
t1570
Title
Tags
false positives may occur if a user called rundll32 from cli with no options
t1021
t1021.002
t1569
t1569.002
t1570
windows
sigma
possible, different agents with a 8 character binary and a 4, 8 or 16 character service name
t1021
t1021.002
t1569
t1569.002
t1570
windows
sigma
psexec is a dual-use tool that can be used for benign or malicious activity. it's important to baseline your environment to determine the amount of noise to expect from this tool.
t1021
t1569
t1570
windows
elastic
trusted webdav shares used to host trusted content.
t1021
t1204
t1570
windows
elastic
LoFP
/
t1570