
DNS Query To Visual Studio Code Tunnels Domain (b3e6418f-7c7a-4fad-993a-93b65027a9f1)

Detects DNS query requests to Visual Studio Code tunnel domains. Attackers can abuse that feature to establish a reverse shell or persistence on a machine.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| DNS Query To Visual Studio Code Tunnels Domain (b3e6418f-7c7a-4fad-993a-93b65027a9f1) | Sigma-Rules | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 1 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |