Skip to content

Hide Navigation Hide TOC

Suspicious Get Local Groups Information - PowerShell (fa6a5a45-3ee2-4529-aa14-ee5edc9e29cb)

Detects the use of PowerShell modules and cmdlets to gather local group information. Adversaries may use local system permission groups to determine which groups exist and which users belong to a particular group such as the local administrators group.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Get Local Groups Information - PowerShell (fa6a5a45-3ee2-4529-aa14-ee5edc9e29cb) Sigma-Rules Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 1
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2