HackTool - SharpDPAPI Execution (c7d33b50-f690-4b51-8cfb-0fb912a31e57)
Detects the execution of the SharpDPAPI tool based on CommandLine flags and PE metadata. SharpDPAPI is a C# port of some DPAPI functionality from the Mimikatz project.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
HackTool - SharpDPAPI Execution (c7d33b50-f690-4b51-8cfb-0fb912a31e57) | Sigma-Rules | Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | 1 |
HackTool - SharpDPAPI Execution (c7d33b50-f690-4b51-8cfb-0fb912a31e57) | Sigma-Rules | Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) | Attack Pattern | 1 |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | 2 |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) | Attack Pattern | 2 |