Skip to content

Hide Navigation Hide TOC

Security Tools Keyword Lookup Via Findstr.EXE (4fe074b4-b833-4081-8f24-7dcfeca72b42)

Detects execution of "findstr" to search for common names of security tools. Attackers often pipe the results of recon commands such as "tasklist" or "whoami" to "findstr" in order to filter out the results. This detection focuses on the keywords that the attacker might use as a filter.

Cluster A Galaxy A Cluster B Galaxy B Level
Security Tools Keyword Lookup Via Findstr.EXE (4fe074b4-b833-4081-8f24-7dcfeca72b42) Sigma-Rules Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2