TeamViewer Domain Query By Non-TeamViewer Application (778ba9a8-45e4-4b80-8e3e-34a419f0b85e)
Detects DNS queries to a TeamViewer domain only resolved by a TeamViewer client by an image that isn't named TeamViewer (sometimes used by threat actors for obfuscation)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | TeamViewer Domain Query By Non-TeamViewer Application (778ba9a8-45e4-4b80-8e3e-34a419f0b85e) | Sigma-Rules | 1 |