ET PHISHING Office 365 Credential Harvesting Domain (rightofcourse .com) in TLS SNI

SID: 2043176Rev: 20 views
History
Sourceet/open
CreatedJanuary 3, 2023
UpdatedSeptember 23, 2024
Classificationsocial-engineering
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING Office 365 Credential Harvesting Domain (rightofcourse .com) in TLS SNI"; flow:established,to_server; tls.sni; content:"rightofcourse.com"; bsize:17; fast_pattern; reference:url,infosec.exchange/@rmceoin/109604157428550003; classtype:social-engineering; sid:2043176; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2023_01_03, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_23, reviewed_at 2024_09_23, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol;)

References

urlinfosec.exchange/@rmceoin/109604157428550003

Metadata

affected productAny
attack targetClient_Endpoint
created at2023_01_03
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_09_23
reviewed at2024_09_23
mitre tactic idTA0011
mitre tactic nameCommand_And_Control
mitre technique idT1071
mitre technique nameApplication_Layer_Protocol

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!