Credential Dumping Via Symlink To Shadow Copy

Description

This search detects the creation of a symlink to a shadow copy.


Use Case

Advanced Threat Detection

Category

Adversary Tactics

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Credential Access

MITRE ATT&CK Techniques

OS Credential Dumping

NTDS

MITRE Threat Groups

Chimera
Dragonfly 2.0
FIN6
Wizard Spider

Kill Chain Phases

Actions On Objectives

Data Sources

Endpoint Detection and Response