Techniques
Sample rules
Suspicious Network Command
- source: sigma
- techniques:
  - t1016
Description
Adversaries may look for details about the network configuration and settings of systems they access, or obtain them through information discovery of remote systems.
Detection logic
condition: selection
selection:
  CommandLine|contains:
    - ipconfig /all
    - netsh interface show interface
    - arp -a
    - nbtstat -n
    - net config
    - route print
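
How the selection above behaves on process-creation events, as an added example that is not part of the Sigma rule or the original page. The event field names (Computer, Image, CommandLine) follow Sysmon Event ID 1, and all event values are constructed. Sigma's contains modifier is a case-insensitive substring match, and the values in the list are OR'd.

```python
# Patterns copied from the rule's selection (CommandLine|contains).
PATTERNS = [
    "ipconfig /all",
    "netsh interface show interface",
    "arp -a",
    "nbtstat -n",
    "net config",
    "route print",
]


def matched_patterns(command_line):
    """Sigma 'contains': case-insensitive substring match, list values OR'd."""
    lowered = command_line.lower()
    return [p for p in PATTERNS if p in lowered]


def evaluate(events):
    """Apply 'condition: selection' and return one alert per matching event."""
    alerts = []
    for event in events:
        # Events without a CommandLine field can never satisfy the selection.
        hits = matched_patterns(event.get("CommandLine") or "")
        if hits:
            alerts.append({"host": event["Computer"], "image": event["Image"],
                           "command_line": event["CommandLine"], "matched": hits})
    return alerts


# Constructed sample events; hosts, paths and command lines are made up.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c IPCONFIG /ALL"},
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "route print & net config workstation"'},
    {"Computer": "WS-02", "Image": r"C:\Windows\System32\PING.EXE",
     "CommandLine": "ping -n 1 10.0.0.1"},
    # Benign: the file name happens to contain the substring "net config".
    {"Computer": "WS-03", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'notepad.exe "C:\Users\alice\Documents\subnet config notes.txt"'},
    {"Computer": "WS-04", "Image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert["host"], alert["matched"], "<-", alert["command_line"])
```

The WS-03 alert is a false positive produced by substring matching, which is the kind of hit to expect when tuning this rule, for instance by also filtering on the process image.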