New Connection Initiated To Potential Dead Drop Resolver Domain (297ae038-edc2-4b2e-bb3e-7c5fc94dd5c7)

Detects an executable that is not an internet browser or other known application initiating network connections to legitimate, popular websites that have been used as dead drop resolvers in previous attacks. In this context attackers leverage well-known websites such as "facebook", "youtube", etc. in order to pass through undetected.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) | Attack Pattern | New Connection Initiated To Potential Dead Drop Resolver Domain (297ae038-edc2-4b2e-bb3e-7c5fc94dd5c7) | Sigma-Rules | 1 |
| New Connection Initiated To Potential Dead Drop Resolver Domain (297ae038-edc2-4b2e-bb3e-7c5fc94dd5c7) | Sigma-Rules | Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | 1 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) | Attack Pattern | Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | 2 |