BowTie Risk
Edit Threat
Description
Adversaries may enumerate local drives, disks, and/or volumes and their attributes like total or free space and volume serial number. This can be done to prepare for ransomware-related encryption, to perform Lateral Movement, or as a precursor to Direct Volume Access. On ESXi systems, adversaries may use Hypervisor CLI commands such as esxcli to list storage connected to the host as well as .vmdk files. On Windows systems, adversaries can use wmic logicaldisk get to find information about local