Potential Domain DPAPI Backup Key Extraction

Rule Info

Name
Potential Domain DPAPI Backup Key Extraction
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects potential DPAPI backup Key extraction.
Reference
https://www.dsinternals.com/en/dpapi-backup-key-theft-auditing/
Date
2024-07-10 00:00:00
Modified
None
Id
686ab53d-5fcb-472b-ad4f-3147d4f516b0
Tags
attack.credential-access attack.t1555 attack.t1552.004
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022