ET INFO Abused File Sharing/CRM Platform in DNS Lookup (pipedrive-files-*-pipedrive .com .s3 .* .amazonaws .com) - Suricata Rule 2052705 (et/open)

ET INFO Abused File Sharing/CRM Platform in DNS Lookup (pipedrive-files--pipedrive .com .s3 . .amazonaws .com)

SID: 2052705Rev: 11 viewsHistory

Sourceet/open

CreatedMay 16, 2024

UpdatedMay 16, 2024

Classificationmisc-activity

alert dns any any -> $EXTERNAL_NET any (msg:"ET INFO Abused File Sharing/CRM Platform in DNS Lookup (pipedrive-files-*-pipedrive .com .s3 .* .amazonaws .com)"; dns.query; content:"pipedrive-files-"; startswith; pcre:"/^[a-z]{3}-\d{1,2}/R"; content:"-pipedrive-com.s3"; within:24; fast_pattern; content:".amazonaws.com"; endswith; classtype:misc-activity; sid:2052705; rev:1; metadata:affected_product Any, attack_target Client_and_Server, tls_state plaintext, created_at 2024_05_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Informational, tag TA_Abused_Service, updated_at 2024_05_16;)

Metadata

affected productAny

attack targetClient_and_Server

tls stateplaintext

created at2024_05_16

deploymentPerimeter

performance impactLow

confidenceHigh

signature severityInformational

tagTA_Abused_Service

updated at2024_05_16

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!