Suspicious Domain Communication followed by Malware Activity

Description

This threat is generated when a suspicious domain or IP address is visited by a user; after which that user or device starts to display "malware like" activity.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring

Category

Adversary Tactics, Endpoint Compromise, Insider Threat, Malware

Alert Volume

Low

Journey

Stage 4

Data Sources

Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
DNS
Endpoint Detection and Response
Authentication
Windows Security
Network Communication
Email
Web Proxy