Suspicious Volume Shadow Copy Vssapi.dll Load (37774c23-25a1-4adb-bb6d-8bb9fd59c0f8)
Detects the image load of VSS DLL by uncommon executables
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Volume Shadow Copy Vssapi.dll Load (37774c23-25a1-4adb-bb6d-8bb9fd59c0f8) | Sigma-Rules | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |