
Rule Info
Name: Network Connection Initiated To Cloudflared Tunnels Domains
Author: Kamran Saifullah, Nasreddine Bencherchali (Nextron Systems)
Description: Detects network connections to Cloudflared tunnels domains initiated by a process on the system. Attackers can abuse that feature to establish a reverse shell or persistence on a machine.
Reference:
Date: 2024-05-27 00:00:00
Modified: None
Id: 7cd1dcdc-6edf-4896-86dc-d1f19ad64903
Tags: attack.exfiltration, attack.command-and-control, attack.t1567.001
Type: Community Rule
Link to Public Repo:
Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Kamran Saifullah | Merge PR #4863 from @deFr0ggy - Add network connection counterpart rule for cloudflare tunnels | 2024-05-27 | |