Privilege Escalation via Named Pipe Impersonation (9bd04a79-dabe-4f1f-a5ff-92430265c96b)
Detects a remote file copy attempt to a hidden network share. This may indicate lateral movement or data staging activity.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | Privilege Escalation via Named Pipe Impersonation (9bd04a79-dabe-4f1f-a5ff-92430265c96b) | Sigma-Rules | 1 |