Computer Discovery And Export Via Get-ADComputer Cmdlet

Rule Info

Name

Computer Discovery And Export Via Get-ADComputer Cmdlet

Author

Nasreddine Bencherchali (Nextron Systems)

Description

Detects usage of the Get-ADComputer cmdlet to collect computer information and output it to a file

Reference

http://blog.talosintelligence.com/2022/09/lazarus-three-rats.html

Date

2022-11-10 00:00:00

Modified

2022-11-17 00:00:00

435e10e4-992a-4281-96f3-38b11106adde

Rule History

Author

Title

Date

Commit

Nasreddine Bencherchali

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12

598d29f81

Nasreddine Bencherchali

Merge PR #4482 From @nasbench - Add New Automation Workflows

2023-10-18

95793d73b

frack113

Merge PR #4479 From @frack113 - Upgrade Rules Status

2023-10-17

020fc8061

Nasreddine Bencherchali

feat: updates and enhancements

2023-02-14

27aac9763

Nasreddine Bencherchali

chore: add nextron authors tag

2023-02-01

7c38a5c49

Nasreddine Bencherchali

Rule Dev

2022-11-18

20b0a6bad

Nasreddine Bencherchali

fix: update selection

2022-11-17

e4a580f9b

Nasreddine Bencherchali

feat: add another case to the selection

2022-11-17

278808f16

Nasreddine Bencherchali

fix: apply suggestions from code review

2022-11-11

04b7b92b6

Nasreddine Bencherchali

fix: fix duplicates in id field

2022-11-10

ddf7f1b34

Nasreddine Bencherchali

fix: update rules with more cases

2022-11-10

cd871bbc0

frack113

order yaml

2022-10-28

1f8e37351

Florian Roth

Update proc_creation_win_user_discovery_get_aduser.yml

2022-09-10

a053be791

nasreddine.bencherchali@nextron-systems.com

Update proc_creation_win_user_discovery_get_aduser.yml

2022-09-09

c8fc1cf21

nasreddine.bencherchali@nextron-systems.com

Big Update

2022-09-09

70f9ff61c