Boot Configuration Tampering Via Bcdedit.EXE (1444443e-6757-43e4-9ea4-c8fc705f79a2)
Detects the use of the bcdedit command to tamper with the boot configuration data. Malware and attackers often use this technique as a destructive step before launching ransomware.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Boot Configuration Tampering Via Bcdedit.EXE (1444443e-6757-43e4-9ea4-c8fc705f79a2) | Sigma-Rules | 1 |