Unusual File Deletion by Dns.exe (8f0b1fb1-9bd4-4e74-8cdf-a8de4d2adfd0)
Detects an unexpected file being deleted by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Unusual File Deletion by Dns.exe (8f0b1fb1-9bd4-4e74-8cdf-a8de4d2adfd0) | Sigma-Rules | External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | 1 |