Fsutil Behavior Set SymlinkEvaluation (c0b2768a-dd06-4671-8339-b16ca8d1f27f)
A symbolic link is a type of file that contains a reference to another file. This is probably done to make sure that the ransomware is able to follow shortcuts on the machine in order to find the original file to encrypt
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Fsutil Behavior Set SymlinkEvaluation (c0b2768a-dd06-4671-8339-b16ca8d1f27f) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |