Skip to content

Hide Navigation Hide TOC

Suspicious Get Local Groups Information - PowerShell (fa6a5a45-3ee2-4529-aa14-ee5edc9e29cb)

Adversaries may attempt to find local system groups and permission settings. The knowledge of local system permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as the users found within the local administrators group.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Get Local Groups Information - PowerShell (fa6a5a45-3ee2-4529-aa14-ee5edc9e29cb) Sigma-Rules Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 1
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 2