Suspicious Veeam Backup Process Creation

Rule Info

Name
Suspicious Veeam Backup Process Creation
Author
Florian Roth
Description
Detects the execution of suspicious Veeam Backup sub processes and PowerShell commands that are often related to exploitation
Reference
https://www.veeam.com/products/veeam-data-platform/backup-recovery.html
Date
2024-09-17 00:00:00
Modified
None
Id
650f5c71-e390-4e52-9cf1-4b321248f03c
Tags
attack.execution attack.t1210
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022