Skip to content

Hide Navigation Hide TOC

Potential Discovery Activity Via Dnscmd.EXE (b6457d63-d2a2-4e29-859d-4e7affc153d1)

Detects an attempt to leverage dnscmd.exe to enumerate the DNS zones of a domain. DNS zones used to host the DNS records for a particular domain.

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Potential Discovery Activity Via Dnscmd.EXE (b6457d63-d2a2-4e29-859d-4e7affc153d1) Sigma-Rules 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2