THL-ARPA-001 DNS Query to the victim organization Instana OCP Tenant - Potential Unauthorized Collector Activity
Source: hunters-ledger
File: hunters-ledger.rules
Created: July 5, 2026
Updated: July 5, 2026
Classification: policy-violation
alert dns $HOME_NET any -> any any (msg:"THL-ARPA-001 DNS Query to the victim organization Instana OCP Tenant - Potential Unauthorized Collector Activity"; dns.query; content:"ocpinstana.[victim-domain].com.tr"; nocase; threshold:type limit, track by_src, count 1, seconds 300 ; sid:3500100; rev:1; classtype:policy-violation; metadata:author The_Hunters_Ledger, campaign Turkish-ARPA-State-Insurer, created 2026-05-26, mitre_attack T1071.001;)
Metadata
author: The_Hunters_Ledger
campaign: Turkish-ARPA-State-Insurer
created: 2026-05-26
mitre attack: T1071.001