Techniques
Sample rules
HackTool - Typical HiveNightmare SAM File Export
- source: sigma
- techniques:
  - t1552
  - t1552.001
Description
Detects files written by the different tools that exploit HiveNightmare
Detection logic
condition: selection
selection:
  - TargetFilename|contains:
      - \hive_sam_
      - \SAM-2021-
      - \SAM-2022-
      - \SAM-2023-
      - \SAM-haxx
      - \Sam.save
  - TargetFilename: C:\windows\temp\sam