HackTool - SOAPHound Execution (e92a4287-e072-4a40-9739-370c106bb750)
Detects the execution of SOAPHound, a .NET tool for collecting Active Directory data, using specific command-line arguments that may indicate an attempt to extract sensitive AD information.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| HackTool - SOAPHound Execution (e92a4287-e072-4a40-9739-370c106bb750) | Sigma-Rules | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 1 |