Skip to content

Hide Navigation Hide TOC

DNS Query To AzureWebsites.NET By Non-Browser Process (e043f529-8514-4205-8ab0-7f7d2927b400)

Detects a DNS query by a non browser process on the system to "azurewebsites.net". The latter was often used by threat actors as a malware hosting and exfiltration site.

Cluster A Galaxy A Cluster B Galaxy B Level
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern DNS Query To AzureWebsites.NET By Non-Browser Process (e043f529-8514-4205-8ab0-7f7d2927b400) Sigma-Rules 1
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 2