Rule Info
Name
Unusually Long DNS Query
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects unusually long DNS queries that may indicate DNS tunneling, data exfiltration attempts, or C2 communication.
Using DNS for C2 communication or data exfiltration often involves crafting long DNS queries to encode information.
Reference
Internal Research
Date
2026-04-02 00:00:00
Modified
None
Id
4a03df10-2715-40ce-8aab-7ff2894828e9
Tags
attack.exfiltration attack.t1048 attack.command-and-control attack.t1071.004
Type
Nextron Sigma feed only (private)
