t1561.002
| Title | Tags |
|---|---|
| There are some minimal number of normal applications from system32 folder like svchost.exe accessing the mbr. In this case we used 'system32' and 'syswow64' path as a filter for this detection. | t1561.002, endpoint, splunk |
| Will be used sometimes by admins to clean up local flash space | t1070, t1070.004, t1561, t1561.001, t1561.002, cisco, sigma |