T1680

Local Storage Discovery

Adversaries may enumerate local drives, disks, and/or volumes and their attributes like total or free space and volume serial number. This can be done to prepare for ransomware-related encryption, to perform [Lateral Movement](https://attack.mitre.org/tactics/TA0109), or as a precursor to [Direct Volume Access](https://attack.mitre.org/techniques/T1006). On ESXi systems, adversaries may use [Hypervisor CLI](https://attack.mitre.org/techniques/T1059/012) commands such as `esxcli` to list storag...

ESXiIaaSLinuxmacOSWindows

Detections

Sources

Threat Actors

THREAT ACTORS (10)

Chimera Confucius Higaisa Kimsuky Lazarus Group Patchwork TeamTNT ToddyCat Tropic Trooper Volt Typhoon

Local Storage Discovery

THREAT ACTORS (10)

DETECTIONS (0)