Suspicious Velociraptor Child Process (4bc90587-e6ca-4b41-be0b-ed4d04e4ed0c)
Detects the suspicious use of the Velociraptor DFIR tool to execute other tools or download additional payloads, as seen in a campaign where it was abused for remote access and to stage further attacks.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Velociraptor Child Process (4bc90587-e6ca-4b41-be0b-ed4d04e4ed0c) | Sigma-Rules | Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | 1 |