Microsoft IIS Service Account Password Dumped (2d3cdeec-c0db-45b4-aa86-082f7eb75701)
Detects the Internet Information Services (IIS) command-line tool, AppCmd, being used to list passwords
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Microsoft IIS Service Account Password Dumped (2d3cdeec-c0db-45b4-aa86-082f7eb75701) | Sigma-Rules | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 1 |