DNS Query Request To OneLaunch Update Service (df68f791-ad95-447f-a271-640a0dab9cf8)
Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application. When the OneLaunch application is installed it will attempt to get updates from this domain.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | DNS Query Request To OneLaunch Update Service (df68f791-ad95-447f-a271-640a0dab9cf8) | Sigma-Rules | 1 |