HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962)

Detects command line parameters used by Bloodhound and Sharphound hack tools

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962) | Sigma-Rules | 1 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962) | Sigma-Rules | 1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962) | Sigma-Rules | 1 |
| Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) | Attack Pattern | HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962) | Sigma-Rules | 1 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962) | Sigma-Rules | 1 |
| Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | HackTool - Bloodhound/Sharphound Execution (f376c8a7-a2d0-4ddc-aa0c-16c17236d962) | Sigma-Rules | 1 |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |
| Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 2 |