DNS lookup for paste service
Goal
Paste sites such as pastebin.com can be used by attackers to host malicious scripts, configuration files, and other text data. The files are then downloaded to the host using a network utility such as wget or curl. These sites may also be used to exfiltrate data.
Strategy
Detect when a process performs a DNS lookup for a paste site.
Triage and response
- Check if the application {{@process.executable.name}} is expected to make connections to {{@dns.question.name}}.
- If the DNS lookup is unexpected, contain the host or container and roll back to a known good configuration.
- Follow your organization’s internal processes for investigating and remediating compromised systems.
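The check described under Strategy and the first triage step, run over constructed DNS events, as an added example that is not the rule's own logic or code from this page. The flat event shape, the `paste-sync` executable, the `paste.example` domain and the allowlist are assumptions made for illustration.

```python
# Paste-site domains to watch. pastebin.com comes from the page;
# paste.example is a constructed placeholder for additional entries.
PASTE_DOMAINS = {"pastebin.com", "paste.example"}

# Hypothetical allowlist: executables expected to contact a paste site.
EXPECTED = {"paste-sync": {"pastebin.com"}}

def normalize(qname):
    """Lower-case and drop the trailing root dot so 'PasteBin.com.' matches."""
    return qname.strip().rstrip(".").lower()

def is_paste_lookup(qname, domains=PASTE_DOMAINS):
    """Match the domain itself or a subdomain, only on a label boundary.

    A plain substring or suffix test would also flag 'notpastebin.com'
    and 'pastebin.com.cdn.example', which are unrelated names.
    """
    name = normalize(qname)
    return any(name == d or name.endswith("." + d) for d in domains)

def triage(events, expected=EXPECTED):
    """Return (executable, queried name, verdict) for each paste-site lookup."""
    findings = []
    for ev in events:
        qname = ev["dns.question.name"]
        if not is_paste_lookup(qname):
            continue
        exe = ev["process.executable.name"]
        allowed = is_paste_lookup(qname, expected.get(exe, ()))
        findings.append((exe, normalize(qname), "expected" if allowed else "unexpected"))
    return findings

# Constructed sample events, keyed by the attribute names used on this page.
SAMPLE_EVENTS = [
    {"process.executable.name": "curl", "dns.question.name": "pastebin.com"},
    {"process.executable.name": "wget", "dns.question.name": "PasteBin.com."},
    {"process.executable.name": "paste-sync", "dns.question.name": "pastebin.com"},
    {"process.executable.name": "curl", "dns.question.name": "notpastebin.com"},
    {"process.executable.name": "curl", "dns.question.name": "pastebin.com.cdn.example"},
    {"process.executable.name": "python3", "dns.question.name": "sub.pastebin.com"},
]

if __name__ == "__main__":
    for exe, name, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:10} {exe:12} {name}")
```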
Requires Agent version 7.36 or greater