Binary Proxy Execution Via Dotnet-Trace.EXE (9257c05b-4a4a-48e5-a670-b7b073cf401b)
Detects commandline arguments for executing a child process via dotnet-trace.exe
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Binary Proxy Execution Via Dotnet-Trace.EXE (9257c05b-4a4a-48e5-a670-b7b073cf401b) | Sigma-Rules | 1 |