Unusual File Modification by dns.exe (9f383dc0-fdeb-4d56-acbc-9f9f4f8f20f3)
Detects an unexpected file being modified by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | Unusual File Modification by dns.exe (9f383dc0-fdeb-4d56-acbc-9f9f4f8f20f3) | Sigma-Rules | 1 |