DNS Query Request To OneLaunch Update Service

calendar Oct 23, 2025 · attack.credential-access attack.collection attack.t1056  ·
Share on: linkedin copy

Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application. When the OneLaunch application is installed it will attempt to get updates from this domain.

Sigma rule (View on GitHub)

 1title: DNS Query Request To OneLaunch Update Service
 2id: df68f791-ad95-447f-a271-640a0dab9cf8
 3status: test
 4description: |
 5    Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application.
 6    When the OneLaunch application is installed it will attempt to get updates from this domain.    
 7references:
 8    - https://www.malwarebytes.com/blog/detections/pup-optional-onelaunch-silentcf
 9    - https://www.myantispyware.com/2020/12/14/how-to-uninstall-onelaunch-browser-removal-guide/
10    - https://malware.guide/browser-hijacker/remove-onelaunch-virus/
11author: Josh Nickels
12date: 2024-02-26
13tags:
14    - attack.credential-access
15    - attack.collection
16    - attack.t1056
17logsource:
18    category: dns_query
19    product: windows
20detection:
21    selection:
22        QueryName: 'update.onelaunch.com'
23        Image|endswith: '\OneLaunch.exe'
24    condition: selection
25falsepositives:
26    - Unlikely
27level: low

References

  • PUP.Optional.OneLaunch.SILENTCF

    PUP.Optional.OneLaunch.SILENTCF is Malwarebytes' detection name for the potentially unwanted version of the program OneLaunch.


    Read More

  • How to uninstall OneLaunch browser (Removal guide)

    What is OneLaunch OneLaunch is supposed to be a program that will improve the browsing experience, but according to security experts, it is an 'ad-supported' internet browser based on Chromium. Adware is also known as "ad-supported software" is a form of software whose motive is to generate profit for its author. It have various methods


    Read More

  • Remove OneLaunch virus

    OneLaunch is a fork of the Chromium Browser based on Google Chrome, identical to WebNavigatorBrowser, WebFox, and WebDefence. OneLaunch is installed using


    Read More

Related rules

to-top