
Traffic to an unknown young domain

ID: young_domain
Data type: DNS, HTTP
Severity: Informational
MITRE ATT&CK: TA0011:T1071

Description

AlphaSOC detected network traffic to a domain that was registered less than 60 days ago and is not well-known. Newly registered domains are often used by threat actors for malicious purposes, such as phishing, malware distribution, or command and control (C2) servers.

Impact

Communication with newly registered, unknown domains can indicate potential compromise of systems within the network. These domains may serve as C2 servers, allowing attackers to maintain persistence or exfiltrate data. This activity could lead to data breaches or system manipulation.

Severity

| Severity | Condition |
|---|---|
| Informational | Traffic to a young domain |

Investigation and Remediation

Review the domain that was flagged as a young domain and examine the traffic, including the volume and the specific data exchanged. If you suspect traffic to a malicious domain, block the domain at the network level.
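A triage sketch for the review step above, added here as an example and not AlphaSOC's own detection logic: it applies the 60-day threshold to DNS and HTTP events and summarises volume, bytes sent and source hosts per flagged domain. The registration dates, the well-known list, the events and the last-two-labels domain extraction are all constructed assumptions.

```python
from datetime import date
YOUNG_DAYS = 60  # "registered less than 60 days ago", per the rule description

# Constructed registration dates; in practice these come from WHOIS/RDAP lookups.
REGISTERED = {
    "example.com": date(1995, 8, 14),
    "new-portal.example": date(2024, 5, 20),
    "fresh-cdn.example": date(2024, 5, 1),
    "old-blog.example": date(2019, 3, 2),
}
# Constructed stand-in for a "well-known" list (assumption, not AlphaSOC data).
WELL_KNOWN = {"example.com", "fresh-cdn.example"}

# Constructed events: (date, source host, data type, FQDN, bytes sent)
EVENTS = [
    ("2024-06-01", "10.0.0.5", "DNS", "login.new-portal.example", 0),
    ("2024-06-01", "10.0.0.5", "HTTP", "login.new-portal.example", 1834),
    ("2024-06-02", "10.0.0.9", "HTTP", "login.new-portal.example", 920),
    ("2024-06-01", "10.0.0.7", "DNS", "assets.fresh-cdn.example", 0),
    ("2024-06-01", "10.0.0.7", "HTTP", "www.old-blog.example", 310),
    ("2024-06-01", "10.0.0.7", "DNS", "www.example.com", 0),
]

def registered_domain(fqdn):
    """Last two labels only (simplifying assumption; real code needs a public suffix list)."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def triage(events, registered, well_known, max_age=YOUNG_DAYS):
    """Summarise traffic per domain that is under max_age days old and not well-known."""
    hits = {}
    for day, src, dtype, fqdn, sent in events:
        dom = registered_domain(fqdn)
        created = registered.get(dom)
        if created is None or dom in well_known:
            continue  # no registration date to judge, or domain is well-known
        age = (date.fromisoformat(day) - created).days
        if not 0 <= age < max_age:
            continue
        s = hits.setdefault(dom, {"age_days": age, "events": 0, "bytes_out": 0,
                                  "hosts": set(), "types": set()})  # age at first sighting
        s["events"] += 1
        s["bytes_out"] += sent
        s["hosts"].add(src)
        s["types"].add(dtype)
    return hits

if __name__ == "__main__":
    for dom, s in triage(EVENTS, REGISTERED, WELL_KNOWN).items():
        print(dom, s["age_days"], s["events"], s["bytes_out"], sorted(s["hosts"]), sorted(s["types"]))
```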

Known False Positives

  • Traffic to a new legitimate domain