Skip to content

Hide Navigation Hide TOC

Unusual File Modification by dns.exe (9f383dc0-fdeb-4d56-acbc-9f9f4f8f20f3)

Detects an unexpected file being modified by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)

Cluster A Galaxy A Cluster B Galaxy B Level
Unusual File Modification by dns.exe (9f383dc0-fdeb-4d56-acbc-9f9f4f8f20f3) Sigma-Rules External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1