ET TA_ABUSED_SERVICES Observed Commonly Abused Domain (blogattach .naver .com in TLS SNI)
Sourceet/open
Fileemerging-ta_abused_services.rules
CreatedApril 11, 2022
UpdatedJune 27, 2024
Classificationbad-unknown
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TA_ABUSED_SERVICES Observed Commonly Abused Domain (blogattach .naver .com in TLS SNI)"; flow:established,to_server ; tls.sni; bsize:20; content:"blogattach.naver.com"; fast_pattern; classtype:bad-unknown; sid:2035890; rev:4; metadata:attack_target Client_Endpoint, created_at 2022_04_11, deployment Perimeter, former_category INFO, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_27;)
Metadata
attack targetClient_Endpoint
created at2022_04_11
deploymentPerimeter
former categoryINFO
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_06_27
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!