Skip to content

Hide Navigation Hide TOC

Enabling COR Profiler Environment Variables (ad89044a-8f49-4673-9a55-cbd88a1b374f)

Detects .NET Framework CLR and .NET Core CLR "cor_enable_profiling" and "cor_profiler" variables being set and configured.

Cluster A Galaxy A Cluster B Galaxy B Level
Enabling COR Profiler Environment Variables (ad89044a-8f49-4673-9a55-cbd88a1b374f) Sigma-Rules COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) Attack Pattern 1
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2