
Network Connection Initiated To DevTunnels Domain (9501f8e6-8e3d-48fc-a8a6-1089dd5d7ef4)

Detects network connections to DevTunnels domains initiated by a process on a system. Attackers can abuse DevTunnels to establish a reverse shell or persistence on a machine.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) | Attack Pattern | Network Connection Initiated To DevTunnels Domain (9501f8e6-8e3d-48fc-a8a6-1089dd5d7ef4) | Sigma-Rules | 1 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) | Attack Pattern | 2 |