Network Connection Initiated To BTunnels Domains (9e02c8ec-02b9-43e8-81eb-34a475ba7965)

Detects network connections to BTunnels domains initiated by a process on the system. Attackers can abuse this service to establish a reverse shell or persistence on a machine.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | Network Connection Initiated To BTunnels Domains (9e02c8ec-02b9-43e8-81eb-34a475ba7965) | Sigma-Rules | 1 |
| Network Connection Initiated To BTunnels Domains (9e02c8ec-02b9-43e8-81eb-34a475ba7965) | Sigma-Rules | Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) | Attack Pattern | 1 |