Computer Discovery And Export Via Get-ADComputer Cmdlet

Rule Info

Name
Computer Discovery And Export Via Get-ADComputer Cmdlet
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects usage of the Get-ADComputer cmdlet to collect computer information and output it to a file
Reference
http://blog.talosintelligence.com/2022/09/lazarus-three-rats.html
Date
2022-11-10 00:00:00
Modified
2022-11-17 00:00:00
Id
435e10e4-992a-4281-96f3-38b11106adde
Tags
attack.discovery attack.t1033 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=435e10e4-992a-4281-96f3-38b11106adde

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
frack113
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17
020fc8061
Nasreddine Bencherchali
feat: updates and enhancements
2023-02-14
27aac9763
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
Rule Dev
2022-11-18
20b0a6bad
Nasreddine Bencherchali
fix: update selection
2022-11-17
e4a580f9b
Nasreddine Bencherchali
feat: add another case to the selection
2022-11-17
278808f16
Nasreddine Bencherchali
fix: apply suggestions from code review
2022-11-11
04b7b92b6
Nasreddine Bencherchali
fix: fix duplicates in id field
2022-11-10
ddf7f1b34
Nasreddine Bencherchali
fix: update rules with more cases
2022-11-10
cd871bbc0
frack113
order yaml
2022-10-28
1f8e37351
Florian Roth
Update proc_creation_win_user_discovery_get_aduser.yml
2022-09-10
a053be791
nasreddine.bencherchali@nextron-systems.com
Update proc_creation_win_user_discovery_get_aduser.yml
2022-09-09
c8fc1cf21
nasreddine.bencherchali@nextron-systems.com
Big Update
2022-09-09
70f9ff61c
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022