Time Machine Backup Deletion Attempt Via Tmutil - MacOS (452df256-da78-427a-866f-49fa04417d74)
Detects attempts to delete macOS Time Machine backups via the native backup utility "tmutil". An adversary may perform this action before launching a ransomware attack to prevent the victim from restoring their files.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Time Machine Backup Deletion Attempt Via Tmutil - MacOS (452df256-da78-427a-866f-49fa04417d74) | Sigma-Rules | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |