PUA - PingCastle Execution From Potentially Suspicious Parent (b37998de-a70b-4f33-b219-ec36bf433dc0)
Detects the execution of PingCastle, a tool designed to quickly assess the Active Directory security level via a script located in a potentially suspicious or uncommon location.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) | Attack Pattern | PUA - PingCastle Execution From Potentially Suspicious Parent (b37998de-a70b-4f33-b219-ec36bf433dc0) | Sigma-Rules | 1 |