DNS Query Request To OneLaunch Update Service (df68f791-ad95-447f-a271-640a0dab9cf8)
Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application. When the OneLaunch application is installed it will attempt to get updates from this domain.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | DNS Query Request To OneLaunch Update Service (df68f791-ad95-447f-a271-640a0dab9cf8) | Sigma-Rules | 1 |