
HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a)

Detects scriptblock text keywords indicative of potential usage of the tool WinPwn, a tool for Windows and Active Directory reconnaissance and exploitation.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | 1 |
| HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | 1 |
| HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) | Attack Pattern | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | 1 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | 1 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | 1 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | HackTool - WinPwn Execution - ScriptBlock (851fd622-b675-4d26-b803-14bc7baa517a) | Sigma-Rules | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) | Attack Pattern | 2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | 2 |