# Traffic to a destination TLD commonly associated with malware

## Description
AlphaSOC detected network traffic to a destination under a top-level domain (TLD) commonly associated with malware, phishing, or command and control (C2) communications.
## Impact
Traffic to suspicious TLDs may indicate a successful malware infection or ongoing compromise attempts. Threat actors often use uncommon or newly introduced TLDs to host malicious infrastructure because domains under them are typically cheaper to register and less scrutinized.
## Severity

| Severity | Condition |
|---|---|
| Informational | Traffic to a destination TLD commonly associated with malware |
## Investigation and Remediation
Inspect the domain that was flagged as a suspicious TLD and examine the associated traffic. If malware is confirmed, isolate the infected system, perform a malware scan, and block the domain at the network level.
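The detection described above and the first investigation step (inspect the flagged domain and the traffic associated with it) can be reproduced locally against DNS query logs. The following is an added example, not AlphaSOC code, and it assumes nothing about AlphaSOC's own TLD list: the watchlist below uses the RFC 2606 reserved names `example` and `test` purely as placeholders, and the log lines are constructed. It extracts the final label of each queried name (handling trailing-dot FQDNs, mixed case and IP-literal destinations, which have no TLD) and summarises hits per source host and domain so an analyst can see which hosts talked to the flagged domain, how often, and when.

```python
"""Flag DNS log entries whose destination TLD is on a watchlist and summarise
them per (source host, domain) to support triage of the alert above."""
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed watchlist: RFC 2606 reserved names stand in for the operator's
# real list of TLDs considered suspicious (placeholder values, not a real feed).
SUSPICIOUS_TLDS = {"example", "test"}

# Constructed DNS query log, one record per line: "<ISO timestamp> <src_ip> <qname>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 cdn.vendor.com
2024-05-01T10:00:02Z 10.0.0.5 update.evil.example.
2024-05-01T10:00:03Z 10.0.0.7 beacon.c2.test
2024-05-01T10:00:04Z 10.0.0.5 update.evil.example
2024-05-01T10:00:05Z 10.0.0.9 93.184.216.34
2024-05-01T10:00:06Z 10.0.0.7 MAIL.CORP.CO.UK
"""


def tld_of(name: str) -> Optional[str]:
    """Return the lower-cased final label of a hostname, or None when the
    destination is empty or an IP literal (which has no TLD to evaluate)."""
    name = name.strip().rstrip(".").lower()  # "evil.example." -> "evil.example"
    if not name:
        return None
    try:
        ipaddress.ip_address(name)
        return None
    except ValueError:
        pass
    return name.rsplit(".", 1)[-1]


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one log record into (timestamp, src_ip, qname); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[0], parts[1], parts[2]


def find_suspicious(log_text: str, watchlist=SUSPICIOUS_TLDS) -> Dict[Tuple[str, str], dict]:
    """Return {(src_ip, domain): {"tld", "count", "first_seen", "last_seen"}}
    for every query whose TLD is on the watchlist."""
    hits: Dict[Tuple[str, str], dict] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, qname = rec
        tld = tld_of(qname)
        if tld is None or tld not in watchlist:
            continue
        key = (src, qname.rstrip(".").lower())  # normalise so repeats aggregate
        entry = hits.setdefault(
            key, {"tld": tld, "count": 0, "first_seen": ts, "last_seen": ts}
        )
        entry["count"] += 1
        # ISO-8601 UTC timestamps sort lexicographically, so min/max are safe
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
    return hits


if __name__ == "__main__":
    for (src, domain), info in sorted(find_suspicious(SAMPLE_LOG).items()):
        print(f"{src} -> {domain} (.{info['tld']}): {info['count']} queries, "
              f"{info['first_seen']} .. {info['last_seen']}")
```

Grouping by source host and domain is what makes the output actionable for the remediation step: each row names a host to isolate and scan and a domain to block, and the query count and time span help separate a single stray lookup from sustained beaconing.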
## Known False Positives
- Traffic to a legitimate but less common TLD used by small countries or specific industries