Potential Defense Evasion Via Raw Disk Access By Uncommon Tools (db809f10-56ce-4420-8c86-d6a7d793c79c)
Detects raw disk access using uncommon tools or tools that are located in suspicious locations (heavy filtering is required), which could indicate possible defense evasion attempts.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Potential Defense Evasion Via Raw Disk Access By Uncommon Tools (db809f10-56ce-4420-8c86-d6a7d793c79c) | Sigma-Rules | Direct Volume Access - T1006 (0c8ab3eb-df48-4b9c-ace7-beacaac81cc5) | Attack Pattern | 1 |