Potentially Suspicious File Download From ZIP TLD

Rule Info

Name: Potentially Suspicious File Download From ZIP TLD
Author: Florian Roth (Nextron Systems)
Description: Detects the download of a file with a potentially suspicious extension from a .zip top level domain.
Date: 2023-05-18 00:00:00
Modified: None
Id: 0bb4bbeb-fe52-4044-b40c-430a04577ebe
Tags: attack.defense-evasion
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| github-actions[bot] | Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test` | 2024-04-01 | |
| Nasreddine Bencherchali | feat: add more extensions and fix metadata | 2023-05-18 | |
| Florian Roth | docs: add url | 2023-05-18 | |
| Florian Roth | .zip domain stream hash - file type download | 2023-05-18 | |