Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb)

Detects potentially suspicious behaviour using secedit.exe, such as exporting or modifying the security policy.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) | Attack Pattern | 1 |
| Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) | Attack Pattern | Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) | Attack Pattern | 1 |
| Potential Suspicious Activity Using SeCEdit (c2c76b77-32be-4d1f-82c9-7e544bdfe0eb) | Sigma-Rules | Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) | Attack Pattern | 1 |
| Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) | Attack Pattern | 2 |
| Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) | Attack Pattern | 2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) | Attack Pattern | 2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | 2 |
| Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) | Attack Pattern | 2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) | Attack Pattern | 2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) | Attack Pattern | 2 |