Rule Info
Name: Volume Shadow Copy Mounted
Author: Nasreddine Bencherchali (Nextron Systems)
Description: Detects mounting of an NTFS volume shadow copy instance including creation.
Reference: Internal Research
Date: 2024-01-24 00:00:00
Modified: None
Id: cf82b6a7-14eb-4bd2-8415-345e9d35e105
Tags: attack.defense-evasion
Type: Nextron Sigma feed only (private)