Skip to content

Hide Navigation Hide TOC

Suspicious Get Local Groups Information (cef24b90-dddc-4ae1-a09a-8764872f69fc)

Adversaries may attempt to find local system groups and permission settings. The knowledge of local system permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as the users found within the local administrators group.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Get Local Groups Information (cef24b90-dddc-4ae1-a09a-8764872f69fc) Sigma-Rules Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 1
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 2