DNS Exfiltration via DNSExfiltrator - Network

Rule Info

Name
DNS Exfiltration via DNSExfiltrator - Network
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects DNS exfiltration activity using the DNSExfiltrator tool, which encodes data in DNS queries using certain encoding.
Reference
https://raxis.com/blog/data-theft-exploit-part-2-dns-exfiltration-attack/
Date
2026-04-02 00:00:00
Modified
None
Id
de1b83a2-a407-417a-9056-52b40a2a1448
Tags
attack.exfiltration attack.t1048.003 attack.command-and-control attack.t1071.004
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022