Wdigest Enable UseLogonCredential (d6a9b252-c666-4de6-8806-5561bbbd3bdc)
Detects potential malicious modification of the property value of UseLogonCredential from HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest to enable clear-text credentials
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | Wdigest Enable UseLogonCredential (d6a9b252-c666-4de6-8806-5561bbbd3bdc) | Sigma-Rules | 1 |