list groups for user account

edit on GitHub
search on VirusTotal

# generated using capa explorer for IDA Pro
rule:
  meta:
    name: list groups for user account
    namespace: host-interaction/accounts
    authors:
      - michael.hunhoff@mandiant.com
    description: enumerates all the groups to which a user account belongs
    scopes:
      static: basic block
      dynamic: call
    att&ck:
      - Discovery::Account Discovery [T1087]
  features:
    - or:
      - api: netapi32.NetUserGetGroups
      - api: netapi32.NetUserGetLocalGroups

last edited: 2023-11-24 10:35:00