User Has Been Deleted Via Userdel (08f26069-6f80-474b-8d1f-d971c6fedea0)
Detects execution of the "userdel" binary. Which is used to delete a user account and related files. This is sometimes abused by threat actors in order to cover their tracks
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) | Attack Pattern | User Has Been Deleted Via Userdel (08f26069-6f80-474b-8d1f-d971c6fedea0) | Sigma-Rules | 1 |