ET MALWARE Possible APT28 Phishing Domain in DNS Query

SID: 2029717Rev: 30 viewsHistory

Sourceet/open

CreatedMarch 23, 2020

UpdatedNovember 9, 2020

Classificationdomain-c2

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Possible APT28 Phishing Domain in DNS Query"; dns.query; content:"0x4fc271.tk"; nocase; endswith; classtype:domain-c2; sid:2029717; rev:3; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2020_03_23, deployment Perimeter, confidence High, signature_severity Major, updated_at 2020_11_09;)

Metadata

affected productWeb_Browsers

attack targetClient_Endpoint

created at2020_03_23

deploymentPerimeter

confidenceHigh

signature severityMajor

updated at2020_11_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!