ET TA_ABUSED_SERVICES Observed Commonly Abused Domain (blogattach .naver .com in TLS SNI)

7.0.35.0SID: 2035890Rev: 4Disabled0 views
Sourceet/open
Fileemerging-ta_abused_services.rules
CreatedApril 11, 2022
UpdatedJune 27, 2024
Classificationbad-unknown
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TA_ABUSED_SERVICES Observed Commonly Abused Domain (blogattach .naver .com in TLS SNI)"; flow:established,to_server; tls.sni; bsize:20; content:"blogattach.naver.com"; fast_pattern; classtype:bad-unknown; sid:2035890; rev:4; metadata:attack_target Client_Endpoint, created_at 2022_04_11, deployment Perimeter, former_category INFO, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_27;)

Metadata

attack targetClient_Endpoint
created at2022_04_11
deploymentPerimeter
former categoryINFO
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_06_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!