Skip to content

Hide Navigation Hide TOC

Active Directory Structure Export Via Csvde.EXE (e5d36acd-acb4-4c6f-a13f-9eb203d50099)

Detects the execution of "csvde.exe" in order to export organizational Active Directory structure.

Cluster A Galaxy A Cluster B Galaxy B Level
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Active Directory Structure Export Via Csvde.EXE (e5d36acd-acb4-4c6f-a13f-9eb203d50099) Sigma-Rules 1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2