Versions (2)
Version DetailsCurrent
Rev: 1 • Feb 7, 2024, 12:00 PMET PHISHING ResumeLooter Domain in DNS Lookup (7o .ae)
alert dns $HOME_NET any -> any any (msg:"ET PHISHING ResumeLooter Domain in DNS Lookup (7o .ae)"; dns.query; dotprefix; content:".7o.ae"; nocase; endswith; reference:url,www.group-ib.com/blog/resumelooters/; reference:url,otx.alienvault.com/pulse/65c2755b2b9d2dfe5b6699f9; classtype:social-engineering; sid:2050748; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_02_07, deployment Perimeter, malware_family ResumeLooter, confidence High, signature_severity Major, updated_at 2024_02_07;)
Feb 7, 2024, 12:00 PM
Feb 7, 2024, 12:00 PM
Feb 8, 2024, 12:00 AM
Feb 8, 2024, 12:00 AM
rules/emerging-phishing.rules