Rules Contributing to Phishing Domain with File Extension TLD
The following rules are used to identify DNS queries to TLDs that resemble file extensions. Any one or more of these will trigger the Phishing Domain with File Extension TLD Alert. Details for each rule can be viewed by clicking the More Details link in the description.
| Title | Description |
|---|---|
| Phishing Domain with File Extension TLD | DNS query to TLDs that resemble file extensions. Attackers may use these TLDs for phishing. More details |

Rule ID:
Query: {'selection_domain': {'DnsQuestionName|endswith': ['.zip', '.mov']}, 'condition': 'selection_domain'}
Log Source: Stellar Cyber Network Events configured.
Rule Source: Developed internally by Stellar Cyber
Tactics, Techniques, and Procedures:
References:
Severity: 30
Suppression Logic Based On:
Additional Information:
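The rule's query evaluated against constructed DNS events, as an added example that is not Stellar Cyber's own code. It assumes events are dicts keyed by `DnsQuestionName` and that matching ignores case and a trailing root dot; `normalize`, `selection_matches`, `rule_fires`, `matching_names` and the sample names are hypothetical.

```python
# Added example: evaluates the page's selection against constructed DNS events.
# Assumptions: events are dicts keyed by DnsQuestionName; matching is
# case-insensitive and ignores the trailing root dot of an FQDN.
QUERY = {
    "selection_domain": {"DnsQuestionName|endswith": [".zip", ".mov"]},
    "condition": "selection_domain",
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot, if any."""
    return name.strip().lower().rstrip(".")


def selection_matches(selection, event):
    """True when every field test in the selection holds for the event."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if modifier != "endswith":
            raise ValueError(f"unsupported modifier: {modifier!r}")
        # A missing field becomes an empty name, which matches no suffix.
        name = normalize(str(event.get(field, "")))
        if not any(name.endswith(p.lower()) for p in patterns):
            return False
    return True


def rule_fires(query, event):
    """The condition names a single selection, as in the page's query."""
    return selection_matches(query[query["condition"]], event)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"DnsQuestionName": "invoice-2023.zip"},
    {"DnsQuestionName": "Holiday-Clip.MOV."},      # mixed case, root dot
    {"DnsQuestionName": "files.zip.example.com"},  # "zip" is a label; TLD is .com
    {"DnsQuestionName": "example.zipper"},         # suffix is not ".zip"
    {"SrcIp": "10.0.0.5"},                         # no DNS question field
]


def matching_names(events):
    """Return the question names of the events that would trigger the rule."""
    return [e["DnsQuestionName"] for e in events if rule_fires(QUERY, e)]


if __name__ == "__main__":
    for name in matching_names(SAMPLE_EVENTS):
        print("ALERT candidate:", name)
```

The `files.zip.example.com` event shows why the test is a suffix match on the whole question name rather than a substring match.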