Skip to content

Hide Navigation Hide TOC

Use NTFS Short Name in Command Line (dd6b39d9-d9be-4a3b-8fe0-fe3c6a5c1795)

Detect use of the Windows 8.3 short name. Which could be used as a method to avoid command-line detection

Cluster A Galaxy A Cluster B Galaxy B Level
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Use NTFS Short Name in Command Line (dd6b39d9-d9be-4a3b-8fe0-fe3c6a5c1795) Sigma-Rules 1
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2