BITS Transfer Job With Uncommon Or Suspicious Remote TLD (6d44fb93-e7d2-475c-9d3d-54c9c1e33427)
Detects a suspicious download using the BITS client from an unusual FQDN. Adversaries may abuse BITS jobs to persistently execute or clean up after malicious payloads.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
BITS Transfer Job With Uncommon Or Suspicious Remote TLD (6d44fb93-e7d2-475c-9d3d-54c9c1e33427) | Sigma-Rules | BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) | Attack Pattern | 1 |