Tag
This rule detects remote file copy attempts to hidden network shares, which may indicate lateral movement or data staging activity, by identifying suspicious file copy operations using command-line tools like cmd.exe and powershell.exe focused on hidden share patterns.