Group Has Been Deleted Via Groupdel (8a46f16c-8c4c-82d1-b121-0fdd3ba70a84)
Detects execution of the "groupdel" binary, which is used to delete a group. This is sometimes abused by threat actors in order to cover their tracks.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) | Attack Pattern | Group Has Been Deleted Via Groupdel (8a46f16c-8c4c-82d1-b121-0fdd3ba70a84) | Sigma-Rules | 1 |