![Back to home Valhalla Logo](/static/valhalla-logo.png)
Rule Info
Name
Network Connection Initiated To Cloudflared Tunnels Domains
Author
Kamran Saifullah, Nasreddine Bencherchali (Nextron Systems)
Description
Detects network connections to Cloudflared tunnels domains initiated by a process on the system.
Attackers can abuse that feature to establish a reverse shell or persistence on a machine.
Reference
Date
2024-05-27 00:00:00
Modified
None
Id
7cd1dcdc-6edf-4896-86dc-d1f19ad64903
Tags
attack.exfiltration attack.command_and_control attack.t1567.001 DEMO
Type
Community Rule
Link to Public Repo