Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE (c9fbe8e9-119d-40a6-9b59-dd58a5d84429)

Detects potential malicious and unauthorized usage of bcdedit.exe

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE (c9fbe8e9-119d-40a6-9b59-dd58a5d84429)	Sigma-Rules	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	1
Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE (c9fbe8e9-119d-40a6-9b59-dd58a5d84429)	Sigma-Rules	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	1
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	2