Silence.EDA Detection (3ceb2083-a27f-449a-be33-14ec1b7cc973)

Detects Silence EmpireDNSAgent as described in the Group-IP report

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Silence.EDA Detection (3ceb2083-a27f-449a-be33-14ec1b7cc973)	Sigma-Rules	1
Silence.EDA Detection (3ceb2083-a27f-449a-be33-14ec1b7cc973)	Sigma-Rules	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	1
Silence.EDA Detection (3ceb2083-a27f-449a-be33-14ec1b7cc973)	Sigma-Rules	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	1
Silence.EDA Detection (3ceb2083-a27f-449a-be33-14ec1b7cc973)	Sigma-Rules	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2