Suspicious Cobalt Strike DNS Beaconing - DNS Client (0d18728b-f5bf-4381-9dcf-915539fff6c2)

Detects a program that invoked suspicious DNS queries known from Cobalt Strike beacons

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) | Attack Pattern | Suspicious Cobalt Strike DNS Beaconing - DNS Client (0d18728b-f5bf-4381-9dcf-915539fff6c2) | Sigma-Rules | 1 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) | Attack Pattern | 2 |