Potentially Suspicious Command Targeting Teams Sensitive Files (d2eb17db-1d39-41dc-b57f-301f6512fa75)

Detects a command line that references the Microsoft Teams database or cookies files and comes from a process other than Teams. The database might contain authentication tokens and other sensitive information about the logged-in accounts.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potentially Suspicious Command Targeting Teams Sensitive Files (d2eb17db-1d39-41dc-b57f-301f6512fa75) | Sigma-Rules | Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | 1 |