Techniques
Sample rules
DNS Query To Ufile.io - DNS Client
- source: sigma
- technicques:
- t1567
- t1567.002
Description
Detects DNS queries to “ufile.io”, which was seen abused by malware and threat actors as a method for data exfiltration
Detection logic
condition: selection
selection:
EventID: 3008
QueryName|contains: ufile.io
DNS Query To Ufile.io
- source: sigma
- technicques:
- t1567
- t1567.002
Description
Detects DNS queries to “ufile.io”, which was seen abused by malware and threat actors as a method for data exfiltration
Detection logic
condition: selection
selection:
QueryName|contains: ufile.io