(CAPA) CAPA_resize_volume_shadow_copy_storage

Created the . Updated 1 year, 5 months ago.

            rule:
  meta:
    name: resize volume shadow copy storage
    namespace: impact/inhibit-system-recovery
    author: michael.hunhoff@mandiant.com
    scope: basic block
  features:
    - and:
      - api: kernel32.DeviceIoControl
      - number: 0x53C028 = IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE

Download Raw

Associated Techniques

No associated technique found so far.