Skip to content

Hide Navigation Hide TOC

DNS Query To Devtunnels Domain (1cb0c6ce-3d00-44fc-ab9c-6d6d577bf20b)

Detects DNS query requests to Devtunnels domains. Attackers can abuse that feature to establish a reverse shell or persistence on a machine.

Cluster A Galaxy A Cluster B Galaxy B Level
DNS Query To Devtunnels Domain (1cb0c6ce-3d00-44fc-ab9c-6d6d577bf20b) Sigma-Rules Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2