Zerologon Exploitation Using Well-known Tools (18f37338-b9bd-4117-a039-280c81f7a596)
This rule is designed to detect attempts to exploit the Zerologon (CVE-2020-1472) vulnerability using the mimikatz zerologon module or other exploits from a machine with the "kali" hostname.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Zerologon Exploitation Using Well-known Tools (18f37338-b9bd-4117-a039-280c81f7a596) | Sigma-Rules | Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) | Attack Pattern | 1 |