Sigma
Sigma rules for CVE-2007-5660
1 rules · scoped to cve · back to CVE-2007-5660
Direct rules mention this entity in their title or description. Related rules cover the techniques this entity is known to use.
◈
Detection rules
1 of 1
direct
low
DNS Query Request To OneLaunch Update Service
Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application.
When the OneLaunch application is installed it will attempt to get updates from this domain.
view Sigma YAML
title: DNS Query Request To OneLaunch Update Service
id: df68f791-ad95-447f-a271-640a0dab9cf8
status: test
description: |
Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application.
When the OneLaunch application is installed it will attempt to get updates from this domain.
references:
- https://www.malwarebytes.com/blog/detections/pup-optional-onelaunch-silentcf
- https://www.myantispyware.com/2020/12/14/how-to-uninstall-onelaunch-browser-removal-guide/
- https://malware.guide/browser-hijacker/remove-onelaunch-virus/
author: Josh Nickels
date: 2024-02-26
tags:
- attack.credential-access
- attack.collection
- attack.t1056
logsource:
category: dns_query
product: windows
detection:
selection:
QueryName: 'update.onelaunch.com'
Image|endswith: '\OneLaunch.exe'
condition: selection
falsepositives:
- Unlikely
level: low
Showing 1-1 of 1