ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain
Sourceet/open
CreatedApril 8, 2020
UpdatedDecember 23, 2021
Classificationcredential-theft
alert dns $HOME_NET any -> any any (msg:"ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain"; dns.query; content:".microransom.us"; nocase; endswith; threshold:type limit, track by_src, count 1, seconds 120; classtype:credential-theft; sid:2029836; rev:3; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2020_04_08, deployment Perimeter, confidence High, signature_severity Minor, updated_at 2021_12_23, reviewed_at 2024_05_06;)
Metadata
affected productAny
attack targetClient_Endpoint
created at2020_04_08
deploymentPerimeter
confidenceHigh
signature severityMinor
updated at2021_12_23
reviewed at2024_05_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!