
Notepad++ Updater DNS Query to Uncommon Domains (2074e137-1b73-4e2d-88ba-5a3407dbdce0)

Detects when the Notepad++ updater (gup.exe) makes DNS queries to domains that are not part of the known legitimate update infrastructure. This could indicate potential exploitation of the updater mechanism or suspicious network activity that warrants further investigation.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) | Attack Pattern | Notepad++ Updater DNS Query to Uncommon Domains (2074e137-1b73-4e2d-88ba-5a3407dbdce0) | Sigma-Rules | 1 |
| Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) | Attack Pattern | Notepad++ Updater DNS Query to Uncommon Domains (2074e137-1b73-4e2d-88ba-5a3407dbdce0) | Sigma-Rules | 1 |
| Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) | Attack Pattern | Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) | Attack Pattern | 2 |