Versions (4)
Version DetailsCurrent
Rev: 2 • May 12, 2020, 12:00 PMET POLICY NEPHILIM Ransomware Victim Publishing Site DNS Lookup (corpleaks .net)
alert dns $HOME_NET any -> any any (msg:"ET POLICY NEPHILIM Ransomware Victim Publishing Site DNS Lookup (corpleaks .net)"; dns.query; content:"corpleaks.net"; nocase; bsize:13; reference:url,app.any.run/tasks/c8d61923-ae7c-42e4-9b92-f4be92b2b04e; classtype:policy-violation; sid:2030161; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_05_12, deployment Perimeter, confidence High, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_17, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)
May 12, 2020, 12:00 PM
Nov 17, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 18, 2025, 8:36 PM
rules/emerging-policy.rules