Beaconing to a suspicious domain
Description
AlphaSOC detected network traffic to a suspicious domain that may signal malicious activity. The domain exhibits characteristics commonly associated with cyber threats, including recent registration, poor reputation scores, brand spoofing patterns, or rare occurrence in legitimate traffic. This behavior could indicate spear phishing attempts, malware distribution, or command and control (C2) communications.
Impact
Traffic to a suspicious domain may indicate an ongoing attack. Adversaries set up domains online to capture credentials via phishing, distribute malware, and run C2 infrastructure to interact with infected hosts.
Severity
| Severity | Condition |
|---|---|
| Low | Traffic to a suspicious domain |
| Medium | Beaconing to a suspicious domain |
| Medium | Multiple requests to suspicious domains |
| Medium | Traffic to a likely malicious domain |
| Medium | Traffic to a suspicious domain containing a brand name |
| High | Traffic to a young suspicious domain containing a brand name |
Investigation and Remediation
Analyze the traffic patterns and identify affected systems. If malicious activity is confirmed, isolate the affected systems and block the suspicious domains. Conduct a thorough security assessment to identify and remove malware, and to identify potential data loss.
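One way to carry out the traffic-pattern analysis above, as an added example that is not AlphaSOC's own detection logic: the script groups requests per (source host, domain) pair and flags near-constant inter-request intervals, measured as a low coefficient of variation of the gaps, as beaconing. The log format, host names, domains and thresholds are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: "<ISO timestamp> <source host> <destination domain>".
# The first domain is polled every ~30 s (beacon-like); the second is browsed irregularly.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-17 updates.example-cdn.net
2024-05-01T10:00:30 ws-17 updates.example-cdn.net
2024-05-01T10:01:01 ws-17 updates.example-cdn.net
2024-05-01T10:01:29 ws-17 updates.example-cdn.net
2024-05-01T10:02:00 ws-17 updates.example-cdn.net
2024-05-01T10:02:31 ws-17 updates.example-cdn.net
2024-05-01T10:00:05 ws-17 docs.example.org
2024-05-01T10:07:42 ws-17 docs.example.org
2024-05-01T10:09:03 ws-17 docs.example.org
2024-05-01T10:31:10 ws-17 docs.example.org
2024-05-01T10:33:00 ws-17 docs.example.org
2024-05-01T10:33:05 ws-17 docs.example.org
"""


def parse_log(text):
    """Group request timestamps by (source host, destination domain)."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, src, domain = line.split()
        series[(src, domain)].append(datetime.fromisoformat(ts))
    return series


def beacon_score(timestamps):
    """Return (request count, coefficient of variation of inter-request gaps).

    A low CV means the gaps are nearly constant, the signature of a beacon;
    CV is None when there are too few requests to measure regularity."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return len(ts), None
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else None
    return len(ts), cv


def is_beaconing(timestamps, min_requests=5, max_cv=0.2):
    """Flag a series as beaconing when it is both frequent and regular (thresholds assumed)."""
    count, cv = beacon_score(timestamps)
    return count >= min_requests and cv is not None and cv <= max_cv


def find_beacons(text, **thresholds):
    """Return the (host, domain) pairs in a log that look like beacons."""
    return sorted(k for k, ts in parse_log(text).items() if is_beaconing(ts, **thresholds))
```

Pairs returned by `find_beacons` are candidates for the investigation steps above, with the jitter tolerance (`max_cv`) tuned to the environment.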
Known False Positives
- Legitimate traffic to newly registered domains or less common websites