Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream (a8f866e1-bdd4-425e-a27a-37619238d9c7)

Detects the creation of hidden file/folder with the "::$index_allocation" stream. Which can be used as a technique to prevent access to folder and files from tooling such as "explorer.exe" and "powershell.exe"

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream (a8f866e1-bdd4-425e-a27a-37619238d9c7)	Sigma-Rules	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	1
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2