DNS Query Request To OneLaunch Update Service
Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application. When the OneLaunch application is installed it will attempt to get updates from this domain.
Sigma rule

title: DNS Query Request To OneLaunch Update Service
id: df68f791-ad95-447f-a271-640a0dab9cf8
status: experimental
description: |
    Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application.
    When the OneLaunch application is installed it will attempt to get updates from this domain.
references:
    - https://www.malwarebytes.com/blog/detections/pup-optional-onelaunch-silentcf
    - https://www.myantispyware.com/2020/12/14/how-to-uninstall-onelaunch-browser-removal-guide/
    - https://malware.guide/browser-hijacker/remove-onelaunch-virus/
author: Josh Nickels
date: 2024-02-26
tags:
    - attack.collection
    - attack.t1056
logsource:
    category: dns_query
    product: windows
detection:
    selection:
        QueryName: 'update.onelaunch.com'
        Image|endswith: '\OneLaunch.exe'
    condition: selection
falsepositives:
    - Unlikely
level: low
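To show how the selection behaves on real telemetry, here is an added Python example (not part of the rule or of SigmaHQ) that applies the rule's two field tests to constructed Sysmon Event ID 22 (DnsQuery) records, the event the windows/dns_query logsource maps to. It assumes the usual Sigma semantics: string comparison is case-insensitive and `Image|endswith` is a suffix match, so a browser merely visiting the domain does not fire the rule.

```python
# Added example, not the Sigma rule's own code. Evaluates the rule's
# `selection` (QueryName equals AND Image ends with '\OneLaunch.exe')
# against constructed Sysmon EID 22 DNS query events.
from typing import Iterable

RULE_ID = "df68f791-ad95-447f-a271-640a0dab9cf8"
QUERY_NAME = "update.onelaunch.com"
IMAGE_SUFFIX = "\\OneLaunch.exe"


def matches(event: dict) -> bool:
    """Sigma string matching is case-insensitive; both conditions must hold."""
    query = str(event.get("QueryName", "")).lower()
    image = str(event.get("Image", "")).lower()
    return query == QUERY_NAME.lower() and image.endswith(IMAGE_SUFFIX.lower())


def scan(events: Iterable[dict]) -> list[dict]:
    """Return one alert per event that satisfies the selection."""
    return [
        {"rule_id": RULE_ID, "host": e.get("Computer"),
         "image": e.get("Image"), "query": e.get("QueryName")}
        for e in events if matches(e)
    ]


# Constructed Sysmon Event ID 22 records (hostnames and paths are made up).
SAMPLE_EVENTS = [
    # OneLaunch itself querying its update domain: match
    {"EventID": 22, "Computer": "ws01",
     "Image": "C:\\Users\\u\\AppData\\Local\\OneLaunch\\OneLaunch.exe",
     "QueryName": "update.onelaunch.com"},
    # A browser resolving the same name (e.g. a user reading about it): no match
    {"EventID": 22, "Computer": "ws01",
     "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "QueryName": "update.onelaunch.com"},
    # Different letter case in both fields: still a match
    {"EventID": 22, "Computer": "ws02",
     "Image": "C:\\Users\\u\\AppData\\Local\\OneLaunch\\onelaunch.EXE",
     "QueryName": "UPDATE.ONELAUNCH.COM"},
    # Unrelated Windows Update lookup: no match
    {"EventID": 22, "Computer": "ws02",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```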