Rules Contributing to DNS Query to Anonymous File Upload Domains

The following rules are used to identify DNS queries to anonymous file upload platform domains often used for malicious purposes. Any one or more of these will trigger the DNS Query to Anonymous File Upload Domains Alert. Details for each rule can be viewed by clicking the More Details link in the description.

Title

Description

DNS Query to Anonymous File Upload Domains

DNS query to anonymous file upload platform domains often used for malicious purposes.

More details

Rule ID

dns_6

Query

{'selection_domain': {'DnsQuestionName|endswith': ['.anonfiles.com', '.api.put.io', '.upload.put.io', '.ufile.io']}, 'condition': 'selection_domain'}

Log Source

Stellar Cyber Network Events configured.

Rule Source

Developed internally by Stellar Cyber

Tactics, Techniques, and Procedures

TA0010, T1567.002

References

Severity

Suppression Logic Based On

srcip
dns.question.name
stellar.rule_id

Additional Information

Maturity	Creation Date	Risk Level	False Positives
test	2024/12/20	low	Legitimate use of anonymous file sharing services.