DNS Query Request To OneLaunch Update Service

calendar Feb 26, 2024 · attack.collection attack.t1056  ·
Share on: linkedin copy

Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application. When the OneLaunch application is installed it will attempt to get updates from this domain.

Sigma rule (View on GitHub)

 1title: DNS Query Request To OneLaunch Update Service
 2id: df68f791-ad95-447f-a271-640a0dab9cf8
 3status: experimental
 4description: |
 5    Detects DNS query requests to "update.onelaunch.com". This domain is associated with the OneLaunch adware application.
 6    When the OneLaunch application is installed it will attempt to get updates from this domain.    
 7references:
 8    - https://www.malwarebytes.com/blog/detections/pup-optional-onelaunch-silentcf
 9    - https://www.myantispyware.com/2020/12/14/how-to-uninstall-onelaunch-browser-removal-guide/
10    - https://malware.guide/browser-hijacker/remove-onelaunch-virus/
11author: Josh Nickels
12date: 2024/02/26
13tags:
14    - attack.collection
15    - attack.t1056
16logsource:
17    category: dns_query
18    product: windows
19detection:
20    selection:
21        QueryName: 'update.onelaunch.com'
22        Image|endswith: '\OneLaunch.exe'
23    condition: selection
24falsepositives:
25    - Unlikely
26level: low

References

  • PUP. | Malwarebytes Labs

    PUP.(Optional) is a category of Malwarebytes detections that applies to potentially unwanted programs (PUPs).


    Read More

  • How to uninstall OneLaunch browser (Removal guide)

    What is OneLaunch OneLaunch is supposed to be a program that will improve the browsing experience, but according to security experts, it is an 'ad-supported' internet browser based on Chromium. Adware is also known as "ad-supported software" is a form of software whose motive is to generate profit for its author. It have various methods


    Read More

  • Remove OneLaunch virus

    OneLaunch is a fork of the Chromium Browser based on Google Chrome, identical to WebNavigatorBrowser, WebFox, and WebDefence. OneLaunch is installed using


    Read More

Related rules

to-top