Skip to content

Hide Navigation Hide TOC

Security Tools Keyword Lookup Via Findstr.EXE (4fe074b4-b833-4081-8f24-7dcfeca72b42)

Detects execution of "findstr" to search for common names of security tools. Attackers often pipe the results of recon commands such as "tasklist" or "whoami" to "findstr" in order to filter out the results. This detection focuses on the keywords that the attacker might use as a filter.

Cluster A Galaxy A Cluster B Galaxy B Level
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Security Tools Keyword Lookup Via Findstr.EXE (4fe074b4-b833-4081-8f24-7dcfeca72b42) Sigma-Rules 1
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2