Detection of Dead Drop Resolver

Technique Detected: Dead Drop Resolver | T1481.001

ID: DET0617
Domains: Mobile
Analytics: AN1675, AN1676
Version: 1.0
Created: 21 October 2025
Last Modified: 21 October 2025

Analytics

AN1675

Many properly configured firewalls may naturally block command and control traffic.
Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.

Log Sources
Data Component | Name | Channel
Network Connection Creation (DC0082) | Network Traffic | None
Network Communication (DC0113) | Application Vetting | None

AN1676

Many properly configured firewalls may naturally block command and control traffic.
Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.

Log Sources
Data Component | Name | Channel
Network Connection Creation (DC0082) | Network Traffic | None
Network Communication (DC0113) | Application Vetting | None