Suspicious Domain Name

Description

Triggered when a user visits a suspicious domain name that appears to be algorithmically generated.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Command and Control, Data Exfiltration, Endpoint Compromise

Alert Volume

High

Journey

Stage 6

MITRE ATT&CK Tactics

Reconnaissance
Initial Access
Command and Control

MITRE ATT&CK Techniques

Dynamic Resolution
Phishing for Information
Spearphishing Link
Commonly Used Port
Application Layer Protocol
Domain Generation Algorithms
Spearphishing Link

MITRE Threat Groups

APT41

Data Sources

DNS
Web Proxy