Techniques
Sample rules
SafetyKatz Default Dump Filename
- source: sigma
- technicques:
- t1003
- t1003.001
Description
Detects default lsass dump filename from SafetyKatz
Detection logic
condition: selection
selection:
TargetFilename|endswith: \Temp\debug.bin