ET PHISHING Possible Successful Phish to Afraid.org Top 100 Dynamic DNS Domain

SID: 2030174Rev: 10 views
History
Sourceet/open
CreatedMay 18, 2020
UpdatedMay 18, 2020
Classificationcredential-theft
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Possible Successful Phish to Afraid.org Top 100 Dynamic DNS Domain"; flow:to_server,established; flowbits:isset,ET.genericphish; http.method; content:"POST"; http.host; pcre:"/\.(?:s(?:tr(?:eetdirectory\.co\.id|angled\.net)|(?:at(?:dv\.net|-dv)|vlen)\.ru(?:pacetechnology\.ne|oon\.i)t|hop\.tm|uka\.se)|c(?:(?:hickenkiller|rabdance)\.com|o(?:ntinent\.kz|alnet\.ru)|sproject\.org|c\.st|f\.gs)|m(?:i(?:ne(?:craftn(?:ation\.net|oob\.com)|\.bz)|l\.nf)|ooo\.(?:info|com)|adhacker\.biz)|t(?:h(?:emafia\.info|cgirls\.com)|wilightparadox\.com|ime4film\.ru|ruecsi\.org|28\.net)|a(?:(?:(?:vangardkennel|gropeople)\.r|buser\.e)u|ntongorbunov\.com|llowed\.org|x\.lt)|h(?:a(?:ck(?:quest\.com|ed\.jp)|ppyforever\.com)|ome(?:net\.or|\.k)g|-o-s-t\.name)|p(?:(?:rivatedns|sybnc|ort0|wnz)\.org|(?:hoto-frame|irat3)\.com|unked\.us)|i(?:n(?:fo\.(?:gf|tm)|c\.gs)|gnorelist\.com|iiii\.info|z\.rs)|b(?:i(?:gbox\.info|z\.tm)|yte4byte\.com|ot\.nu|rb\.dj)|d(?:earabba\.org|-n-s\.name|alnet\.ca|ynet\.com)|(?:w(?:ith-linux|hynotad)|3dxtras|ohbah)\.com|u(?:n(?:do\.it|i\.cx)|k\.(?:is|to)|s\.to)|v(?:(?:erymad\.ne|r\.l)t|ietnam\.ro)|r(?:o(?:ot\.sx|\.lt)|-o-o-t\.net)|n(?:eon\.org|ow\.im|a\.tl|x\.tc)|j(?:umpingcrab\.com|avafaq\.nu)|f(?:(?:art|ram)ed\.net|tp\.sh)|(?:k(?:ir22\.r|\.v)|69\.m)u|l(?:inux[dx]\.org|eet\.la)|e(?:vils\.in|z\.lv)|(?:24-7\.r|qc\.t)o|(?:55|gw)\.lt|1337\.cx)(?:\x3a\d{1,5})?$/"; classtype:credential-theft; sid:2030174; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2020_05_18, deployment Perimeter, confidence Medium, signature_severity Critical, tag Phishing, updated_at 2020_05_18, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)

Metadata

affected productWeb_Browsers
attack targetClient_Endpoint
created at2020_05_18
deploymentPerimeter
confidenceMedium
signature severityCritical
tagPhishing
updated at2020_05_18
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1566
mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!