Terminal Service Process Spawn (1012f107-b8f1-4271-af30-5aed2de89b39)

Detects a process spawned by the terminal service server process (this could be an indicator for an exploitation of CVE-2019-0708)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	Terminal Service Process Spawn (1012f107-b8f1-4271-af30-5aed2de89b39)	Sigma-Rules	1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Terminal Service Process Spawn (1012f107-b8f1-4271-af30-5aed2de89b39)	Sigma-Rules	1