DNS Query To Ufile.io - DNS Client

Rule Info

Name
DNS Query To Ufile.io - DNS Client
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects DNS queries to "ufile.io", which was seen abused by malware and threat actors as a method for data exfiltration
Reference
https://thedfirreport.com/2021/12/13/diavol-ransomware/
Date
2023-01-16 00:00:00
Modified
2023-09-18 00:00:00
Id
090ffaad-c01a-4879-850c-6d57da98452d
Tags
attack.exfiltration attack.t1567.002 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=090ffaad-c01a-4879-850c-6d57da98452d

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04
e230acd7e
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
fix: broken logsource
2023-01-17
1c340493c
Nasreddine Bencherchali
feat: new rules and updates
2023-01-17
85fb255bc
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022