Suspicious Redirection to Local Admin Share (ab9e3b40-0c85-4ba1-aede-455d226fd124)
Detects a suspicious output redirection to the local admins share, this technique is often found in malicious scripts or hacktool stagers
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Redirection to Local Admin Share (ab9e3b40-0c85-4ba1-aede-455d226fd124) | Sigma-Rules | Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | 1 |