Skip to content

Hide Navigation Hide TOC

Potential Credential Dumping Attempt Using New NetworkProvider - REG (0442defa-b4a2-41c9-ae2c-ea7042fc4701)

Detects when an attacker tries to add a new network provider in order to dump clear text credentials, similar to how the NPPSpy tool does it

Cluster A Galaxy A Cluster B Galaxy B Level
Potential Credential Dumping Attempt Using New NetworkProvider - REG (0442defa-b4a2-41c9-ae2c-ea7042fc4701) Sigma-Rules OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1