Suspicious Get Local Groups Information (cef24b90-dddc-4ae1-a09a-8764872f69fc)

Detects the use of PowerShell modules and cmdlets to gather local group information. Adversaries may use local system permission groups to determine which groups exist and which users belong to a particular group such as the local administrators group.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Get Local Groups Information (cef24b90-dddc-4ae1-a09a-8764872f69fc) | Sigma-Rules | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 1 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 2 |