Skip to content

Hide Navigation Hide TOC

DNS Query To Common Malware Hosting and Shortener Services (f8c1e80b-c73a-476a-ae24-6c72528b1521)

Detects DNS queries to domains commonly used by threat actors to host malware payloads or redirect through URL shorteners. These include platforms like Cloudflare Workers, TryCloudflare, InfinityFree, and URL shorteners such as tinyurl and lihi.cc. Such DNS activity can indicate potential delivery or command-and-control communication attempts.

Cluster A Galaxy A Cluster B Galaxy B Level
DNS Query To Common Malware Hosting and Shortener Services (f8c1e80b-c73a-476a-ae24-6c72528b1521) Sigma-Rules DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 2