DNS Query to External Service Interaction Domains (aff715fa-4dd5-497a-8db3-910bea555566)

Detects suspicious DNS queries to external service interaction domains often used for out-of-band interactions after successful RCE

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	DNS Query to External Service Interaction Domains (aff715fa-4dd5-497a-8db3-910bea555566)	Sigma-Rules	1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	DNS Query to External Service Interaction Domains (aff715fa-4dd5-497a-8db3-910bea555566)	Sigma-Rules	1
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	2