DNS Query To Katz Stealer Domains

Rule Info

Name
DNS Query To Katz Stealer Domains
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects DNS queries to domains associated with Katz Stealer malware. Katz Stealer is a malware variant known to be used for stealing sensitive information from compromised systems. In enterprise environments, DNS queries to these domains may indicate potential malicious activity or compromise.
Reference
Internal Research
Date
2025-05-22 00:00:00
Modified
None
Id
9c3d6e32-f4c8-4d73-8b8f-95c3b383a13c
Tags
attack.command-and-control attack.t1071.004 detection.emerging-threats
Type
Community Rule

Rule History

Author
Title
Date
Commit
Swachchhanda Shrawan Poudel
Merge PR #5429 from @swachchhanda000 - Katz stealer malware
2025-05-26