Skip to content

Hide Navigation Hide TOC

Potential Application Whitelisting Bypass via Dnx.EXE (81ebd28b-9607-4478-bf06-974ed9d53ed7)

Detects the execution of Dnx.EXE. The Dnx utility allows for the execution of C# code. Attackers might abuse this in order to bypass application whitelisting.

Cluster A Galaxy A Cluster B Galaxy B Level
Potential Application Whitelisting Bypass via Dnx.EXE (81ebd28b-9607-4478-bf06-974ed9d53ed7) Sigma-Rules Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 1
Potential Application Whitelisting Bypass via Dnx.EXE (81ebd28b-9607-4478-bf06-974ed9d53ed7) Sigma-Rules System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 2