Import LDAP Data Interchange Format File Via Ldifde.EXE (6f535e01-ca1f-40be-ab8d-45b19c0c8b7f)

Detects the execution of "Ldifde.exe" with the import flag "-i". This can be abused to include HTTP-based arguments, which will allow the arbitrary download of files from a remote server.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Import LDAP Data Interchange Format File Via Ldifde.EXE (6f535e01-ca1f-40be-ab8d-45b19c0c8b7f) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |
| Import LDAP Data Interchange Format File Via Ldifde.EXE (6f535e01-ca1f-40be-ab8d-45b19c0c8b7f) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |