Open lucamosca1 opened 1 year ago
What specifically is malicious about this domain?
GuardDuty details says: EC2 instance i-XXX is querying a domain name associated with a known Command & Control server.
Evidence: Threat intelligence details Threat IP list CrowdStrike Threat names PdfCaptchaLure21
Hi there! Today we've been warned by AWS GuardDuty that one of our internal dns tried to resolve this harmful domain