
DET0617 Detection of Dead Drop Resolver

Item          | Value
ID            | DET0617
Version       | 1.0
Created       | 21 October 2025
Last Modified | 21 October 2025

Technique Detected: T1481.001 (Dead Drop Resolver)

Analytics

Android

AN1675

Many properly configured firewalls may naturally block command and control traffic. Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.

Log Sources

Data Component                       | Name                | Channel
Network Connection Creation (DC0082) | Network Traffic     | None
Network Communication (DC0113)       | Application Vetting | None

Mutable Elements

Field | Description

iOS

AN1676

Many properly configured firewalls may naturally block command and control traffic. Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.

Log Sources

Data Component                       | Name                | Channel
Network Connection Creation (DC0082) | Network Traffic     | None
Network Communication (DC0113)       | Application Vetting | None

Mutable Elements

Field | Description