Potential Dead Drop Resolvers (297ae038-edc2-4b2e-bb3e-7c5fc94dd5c7)

Detects an executable that is not an internet browser or known application initiating network connections to legitimate popular websites that were seen being used as dead drop resolvers in previous attacks. In this context, attackers leverage known websites such as "facebook", "youtube", etc. in order to pass through undetected.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) | Attack Pattern | Potential Dead Drop Resolvers (297ae038-edc2-4b2e-bb3e-7c5fc94dd5c7) | Sigma-Rules | 1 |
| Potential Dead Drop Resolvers (297ae038-edc2-4b2e-bb3e-7c5fc94dd5c7) | Sigma-Rules | Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | 1 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) | Attack Pattern | Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | 2 |