Hide Navigation Hide TOC

Suspicious Cobalt Strike DNS Beaconing - Sysmon (f356a9c4-effd-4608-bbf8-408afd5cd006)

Detects a program that invoked suspicious DNS queries known from Cobalt Strike beacons

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious Cobalt Strike DNS Beaconing - Sysmon (f356a9c4-effd-4608-bbf8-408afd5cd006)	Sigma-Rules	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2