Suspicious Cobalt Strike DNS Beaconing - DNS Client

Rule Info

Name
Suspicious Cobalt Strike DNS Beaconing - DNS Client
Description
Detects a program that invoked suspicious DNS queries known from Cobalt Strike beacons
Modified
None
Date
2023-01-16 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.command_and_control DEMO attack.t1071.004
Id
0d18728b-f5bf-4381-9dcf-915539fff6c2
Type
Community Rule

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
fix: broken logsource
2023-01-17
Nasreddine Bencherchali
feat: new rules and updates
2023-01-17
frack113
Promotion rules (#3821)
2022-12-27
frack113
Order yaml field
2022-10-25
frack113
Name Normalization
2022-02-27
frack113
remove invalid tag
2022-01-19
Florian Roth
refactor: change all " of them" expressions
2022-01-11
Florian Roth
CobaltStrike DNS rules
2021-11-09