Skip to content

<<< Hide Navigation Hide TOC >>>

Suspicious Cobalt Strike DNS Beaconing - Sysmon (f356a9c4-effd-4608-bbf8-408afd5cd006)

Detects a program that invoked suspicious DNS queries known from Cobalt Strike beacons

Galaxy ColorsSigma-Rule...Attack Pat...
Rows: 2
Loading extensions...
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Cobalt Strike DNS Beaconing - Sysmon (f356a9c4-effd-4608-bbf8-408afd5cd006) Sigma-Rules DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 1
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2