AC-Hunter Beacons FQDN
In These Cases, the External IP Address to Which The Internal Host Is Communicating Might Change Over a Short Period
The Beacons FQDN module is nearly identical to the “Beacons” module. One main difference is the destination information that is displayed: in the Beacons FQDN module, the destination is shown as an FQDN (Fully Qualified Domain Name).
Under the FQDN is a “Resolved” line, which displays any IP addresses that were returned in response to recent DNS queries for that FQDN.
This is useful for identifying malicious beacons or malware that uses a hostname to connect to an external C2 server whose IP address rotates in an attempt to evade detection.
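The following added example (not AC-Hunter code, and not its scoring algorithm) shows why grouping by FQDN matters: the same constructed connections look too sparse to judge per destination IP, but form one perfectly regular series once the IPs are folded back into the FQDN that resolved to them. The log tuples, the `regularity` measure and all names and addresses are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (not from a real capture).
# DNS answers: (epoch_seconds, queried FQDN, IPs returned)
DNS = [
    (0,    "cdn.example.test", ["203.0.113.10"]),
    (600,  "cdn.example.test", ["203.0.113.20"]),
    (1200, "cdn.example.test", ["203.0.113.30"]),
]
# Connections: (epoch_seconds, internal source, external destination IP)
CONNS = [(t, "10.0.0.5", ip) for t, ip in [
    (5, "203.0.113.10"), (305, "203.0.113.10"),
    (605, "203.0.113.20"), (905, "203.0.113.20"),
    (1205, "203.0.113.30"), (1505, "203.0.113.30"),
]]

def resolved_ips(dns):
    """FQDN -> set of IPs seen in DNS answers (the 'Resolved' line)."""
    out = defaultdict(set)
    for _, fqdn, ips in dns:
        out[fqdn].update(ips)
    return dict(out)

def regularity(timestamps):
    """Simplified score in [0, 1]: 1.0 means perfectly even intervals."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return 0.0  # too few connections to judge
    mid = median(gaps)
    mad = median(abs(g - mid) for g in gaps)  # median absolute deviation
    return max(0.0, 1.0 - mad / mid) if mid else 0.0

def scores(conns, dns, by_fqdn):
    """(source, destination) -> (connection count, regularity score)."""
    # Simplification: each IP maps to a single FQDN (no shared hosting).
    ip_to_fqdn = {ip: f for f, ips in resolved_ips(dns).items() for ip in ips}
    groups = defaultdict(list)
    for ts, src, dst in conns:
        key = ip_to_fqdn.get(dst, dst) if by_fqdn else dst
        groups[(src, key)].append(ts)
    return {k: (len(v), regularity(v)) for k, v in groups.items()}

if __name__ == "__main__":
    print("per IP:  ", scores(CONNS, DNS, by_fqdn=False))
    print("per FQDN:", scores(CONNS, DNS, by_fqdn=True))
```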