Skip to content

Hide Navigation Hide TOC

TeamViewer Domain Query By Non-TeamViewer Application (778ba9a8-45e4-4b80-8e3e-34a419f0b85e)

Detects DNS queries to a TeamViewer domain only resolved by a TeamViewer client by an image that isn't named TeamViewer (sometimes used by threat actors for obfuscation)

Cluster A Galaxy A Cluster B Galaxy B Level
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern TeamViewer Domain Query By Non-TeamViewer Application (778ba9a8-45e4-4b80-8e3e-34a419f0b85e) Sigma-Rules 1
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 2