ET PHISHING DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service

SID: 2026486Rev: 100 views
History
Sourceet/open
CreatedOctober 15, 2018
UpdatedNovember 17, 2020
Classificationpolicy-violation
alert dns $HOME_NET any -> any any (msg:"ET PHISHING DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service"; dns.query; content:".core.windows.net"; endswith; pcre:"/^(?:d(?:(?:ocu|uco)sign|ropbox)|o(?:ffice365|nedrive)|adobe|gdoc)/"; pcre:!"/^onedrivecl[a-z]{2}prod[a-z]{2}[0-9]{5}\./"; classtype:policy-violation; sid:2026486; rev:10; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2018_10_15, deployment Perimeter, confidence Medium, signature_severity Minor, tag Phishing, updated_at 2020_11_17;)

Metadata

affected productWeb_Browsers
attack targetClient_Endpoint
created at2018_10_15
deploymentPerimeter
confidenceMedium
signature severityMinor
tagPhishing
updated at2020_11_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!