Rule Info
Name
Suspicious Cobalt Strike DNS Beaconing - DNS Client
Description
Detects a program that invoked suspicious DNS queries known from Cobalt Strike beacons
Modified
None
Date
2023-01-16 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.command_and_control DEMO attack.t1071.004
Id
0d18728b-f5bf-4381-9dcf-915539fff6c2
Type
Community Rule
Link to Public Repo
Rule History
Author
Commit
Title
Date
Scan your endpoints, forensic images or collected files with our portable scanner THOR