Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
"This analytics rule detects high-risk domain impersonation activity, where newly registered or existing domains closely resemble the legitimate brand name or organizational assets. These suspicious domains may use typosquatting, homoglyphs, or brand keywords to mislead users, steal credentials, or host phishing/malicious content. The domains are identified through CYFIRMA's external threat intelligence feeds and flagged due to potential misuse in impersonation, fraud, or social engineering at
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Brand Intelligence |
| ID | 10bdf525-5b89-4a25-933a-e63e73b915f1 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | ResourceDevelopment, InitialAccess, CommandAndControl |
| Techniques | T1583.001, T1586.002, T1566.002, T1566.001, T1071.003, T1071.001 |
| Required Connectors | CyfirmaBrandIntelligenceAlertsDC |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CyfirmaBIDomainITAssetAlerts_CL |
? | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to Cyfirma Brand Intelligence