https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_susp_dpapi_backup_and_cert_export_ioc/
DPAPI Backup Keys And Certificate Export Activity IOC | Detection.FYI
Detects file names with specific patterns seen generated and used by tools such as Mimikatz and DSInternals related to exported or stolen DPAPI backup keys and...
ioc detectiondpapibackupkeyscertificate