title: Detect Activity to Known Malicious Indicator - https://mytaxclientcopy.com/xlab22.hta
id: auto-bdd927056b6fb7785ad629bf2b565fb7508fa6125691deae1972ab977584b63a
status: experimental
description: Detects traffic or activity related to https://mytaxclientcopy.com/xlab22.hta which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mytaxclientcopy.com/xlab22.hta*'
  condition: selection
level: high
tags:
  - attack.t1218.005
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - malicious-example.com
id: auto-0c021e2cae67c1a6a6efc9d1d57f809691466352e7d6b1b0cd7d0ffa12413df0
status: experimental
description: Detects traffic or activity related to malicious-example.com which is a known malicious domain.
logsource:
  category: dns
detection:
  selection:
    query:
      - '*malicious-example.com*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.OTX