Threat Advisory Report: Suspicious DNS Queries May 2020

Ensign Labs' DNS anomaly behavioural model detects suspicious DNS queries.

Published on: 19 May 2020

Ensign has observed a pattern of abnormal queries on public DNS servers through its DNS Anomaly Behavioural Model, a proprietary tool of Ensign Labs team. The anomalies included sharp spikes of DNS requests within a short time-frame, and a sequence of suspicious DNS queries with no subsequent TCP/UDP traffic upon resolution of the domain name. Our team of analysts investigated the anomalies further, and the details of the analysis can be found in this report.

Highlights from the advisory include:

  • Insights on the suspicious DNS requests
  • Details of the public web storage site housing the DNS queries
  • Network profile analysis
  • Conclusion and recommendations

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence