Techniques
Sample rules
DNS Query for Anonfiles.com Domain - Sysmon
- source: sigma
- techniques:
  - t1567
  - t1567.002
Description
Detects DNS queries for “anonfiles.com”, which is an anonymous file upload platform often used for malicious purposes.
Detection logic
condition: selection
selection:
  QueryName|contains: .anonfiles.com
DNS Query for Anonfiles.com Domain - DNS Client
- source: sigma
- techniques:
  - t1567
  - t1567.002
Description
Detects DNS queries for anonfiles.com, which is an anonymous file upload platform often used for malicious purposes.
Detection logic
condition: selection
selection:
  EventID: 3008
  QueryName|contains: .anonfiles.com