Unusual Child Process of dns.exe (a4e3d776-f12e-42c2-8510-9e6ed1f43ec3)
Detects an unexpected process spawning from dns.exe which may indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | Unusual Child Process of dns.exe (a4e3d776-f12e-42c2-8510-9e6ed1f43ec3) | Sigma-Rules | 1 |