Suspicious Kernel Dump Using Dtrace (7124aebe-4cd7-4ccb-8df0-6d6b93c96795)
Detects a suspicious way of dumping the kernel on Windows systems using dtrace.exe, which has been available on Windows since Windows 10 19H1.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Suspicious Kernel Dump Using Dtrace (7124aebe-4cd7-4ccb-8df0-6d6b93c96795) | Sigma-Rules | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |