Traffic to an unusual DNS resolver

ID: unusual_dns_resolver
Data type: IP
Severity: Low
MITRE ATT&CK: TA0005:T1562

Description

AlphaSOC detected network traffic to an unusual DNS resolver. Threat actors may attempt to use custom DNS servers to redirect traffic and bypass security controls.

Impact

Redirecting traffic to an unusual DNS resolver enables threat actors to carry out attacks such as phishing, malware distribution, or data exfiltration, all while evading detection.

Severity

Severity: Low
Condition: Traffic to an unusual DNS resolver

Investigation and Remediation

Review logs for unusual DNS traffic patterns and identify any DNS configuration changes to determine whether the modification is authorized. If unauthorized activity is confirmed, reset DNS settings to trusted resolvers and conduct a thorough security assessment to identify potential compromises or data breaches.
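One way to run the log review described above, as an added example that is not AlphaSOC's detection logic: it scans flow records for DNS-port traffic to resolvers outside an allowlist and counts hits per source and destination. The log format, the allowlist and all addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the resolvers this network is supposed to use (constructed values).
TRUSTED_RESOLVERS = [ipaddress.ip_network(n)
                     for n in ("10.0.0.53/32", "10.0.1.0/28", "fd00::53/128")]
DNS_PORTS = {53, 853}  # DNS over UDP/TCP, and DNS over TLS

# Constructed sample flow records: timestamp,src_ip,dst_ip,dst_port,proto
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z,10.0.5.21,10.0.0.53,53,udp
2024-05-01T10:00:02Z,10.0.5.21,203.0.113.77,53,udp
2024-05-01T10:00:03Z,10.0.5.21,203.0.113.77,53,udp
2024-05-01T10:00:04Z,10.0.5.40,198.51.100.9,853,tcp
2024-05-01T10:00:05Z,10.0.5.40,198.51.100.9,443,tcp
2024-05-01T10:00:06Z,10.0.5.22,10.0.1.5,53,tcp
2024-05-01T10:00:07Z,fd00::21,fd00::53,53,udp
malformed line without enough fields
2024-05-01T10:00:08Z,10.0.5.21,not-an-ip,53,udp
"""

def is_trusted(ip):
    """True if the destination falls inside any allowlisted resolver network."""
    return any(ip in net for net in TRUSTED_RESOLVERS)

def unusual_resolver_flows(log_text):
    """Return ([(src, dst, port, count), ...], skipped_line_count)."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        try:
            _, src, dst, port, _ = line.strip().split(",")
            dst_ip, port = ipaddress.ip_address(dst), int(port)
        except ValueError:
            skipped += 1  # count unparseable records instead of dropping them silently
            continue
        if port in DNS_PORTS and not is_trusted(dst_ip):
            hits[(src, str(dst_ip), port)] += 1
    # Noisiest source/resolver pairs first, so repeated use stands out.
    findings = sorted(((s, d, p, c) for (s, d, p), c in hits.items()),
                      key=lambda r: (-r[3], r[0]))
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = unusual_resolver_flows(SAMPLE_FLOWS)
    for src, dst, port, count in findings:
        print(f"{src} -> {dst}:{port} ({count} flows, resolver not in allowlist)")
    print(f"{skipped} records skipped as unparseable")
```

A port-based check like this does not see DNS over HTTPS, which travels on port 443 alongside ordinary web traffic.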