Account Tampering - Suspicious Failed Logon Reasons (9eb99343-d336-4020-a3cd-67f3819e68ee)
This method uses uncommon error codes on failed logons to determine suspicious activity and tampering with accounts that have been disabled or somehow restricted.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Account Tampering - Suspicious Failed Logon Reasons (9eb99343-d336-4020-a3cd-67f3819e68ee) | Sigma-Rules | 1 |