Traffic from multiple sources to a unique young domain

ID: unique_young_domain_volume
Data type: DNS, HTTP
Severity: Medium
MITRE ATT&CK: TA0001:T1566

Description

AlphaSOC detected network traffic to a unique, recently registered domain. Newly registered domains are frequently used in spearphishing campaigns to evade detection.

Impact

Traffic to a suspicious new domain from multiple sources may indicate that a threat actor is attempting to infiltrate the network. Threat actors often use techniques such as spearphishing with malicious attachments to gain initial access to a victim's system.

Severity

Severity | Condition
Medium | Traffic from multiple sources to a unique young domain

Investigation and Remediation

Investigate the affected systems. If malicious activity is confirmed, isolate affected systems, terminate unauthorized connections, and perform a thorough forensic analysis. To prevent future occurrences, update DNS monitoring and filtering mechanisms to detect and block traffic to known malicious domains.
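
One way to scope the affected systems during investigation, as an added example that is not AlphaSOC's detection logic: it groups DNS and HTTP events by registered domain and reports young, previously unseen domains contacted by several sources. The thresholds, the baseline set, the registration dates and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Assumed thresholds for illustration; not AlphaSOC's actual values.
MAX_AGE_DAYS = 30   # "young": registered within this many days of the event
MIN_SOURCES = 2     # "multiple sources": distinct internal hosts

# Constructed sample data (documentation IP range, reserved .example names).
EVENTS = [  # (event date, source IP, data type, queried/requested FQDN)
    ("2024-05-20", "192.0.2.10", "DNS", "login.portal-update.example"),
    ("2024-05-20", "192.0.2.11", "HTTP", "login.portal-update.example"),
    ("2024-05-20", "192.0.2.11", "DNS", "portal-update.example"),
    ("2024-05-21", "192.0.2.12", "DNS", "cdn.niche-blog.example"),
    ("2024-05-21", "192.0.2.10", "DNS", "www.intranet-tools.example"),
    ("2024-05-21", "192.0.2.13", "HTTP", "www.intranet-tools.example"),
]
# Registration dates as WHOIS/RDAP enrichment would supply them (constructed).
REGISTERED = {
    "portal-update.example": "2024-05-15",
    "niche-blog.example": "2024-05-18",
    "intranet-tools.example": "2019-03-02",
}
BASELINE = {"intranet-tools.example"}  # domains already seen in this environment


def registered_domain(fqdn):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def young_domain_hits(events, registered, baseline):
    """Return {domain: sorted source IPs} for unseen, young, multi-source domains."""
    sources = defaultdict(set)
    for day, src, _dtype, fqdn in events:
        domain = registered_domain(fqdn)
        created = registered.get(domain)
        if created is None or domain in baseline:
            continue  # no registration data, or domain is not new to this network
        age = (date.fromisoformat(day) - date.fromisoformat(created)).days
        if 0 <= age <= MAX_AGE_DAYS:
            sources[domain].add(src)
    return {d: sorted(s) for d, s in sources.items() if len(s) >= MIN_SOURCES}


if __name__ == "__main__":
    for domain, hosts in young_domain_hits(EVENTS, REGISTERED, BASELINE).items():
        print(f"{domain}: review {', '.join(hosts)}")
```

In the sample data, the young domain reached by a single host is not reported, which corresponds to the niche-website case listed under Known False Positives.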

Known False Positives

  • Legitimate but rarely used applications or services
  • Users accessing niche websites
  • New software or services not yet widely adopted within the organization