Known Forest Blizzard group domains - July 2019

Matches domain name IOCs related to Forest Blizzard group activity, published in July 2019, against the CommonSecurityLog, DnsEvents and VMConnection data types. Reference: https://blogs.microsoft.com/on-the-issues/2019/07/17/new-cyberthreats-require-new-ways-to-protect-democracy/

| Attribute | Value |
| --- | --- |
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 074ce265-f684-41cd-af07-613c5f3e6d0d |
| Severity | High |
| Kind | Scheduled |
| Tactics | CommandAndControl |
| Techniques | T1071 |
| Required Connectors | DNS, AzureMonitor(VMInsights), CiscoASA, PaloAltoNetworks, AzureFirewall, Zscaler, InfobloxNIOS, GCPDNSDataConnector, NXLogDnsLogs, CiscoUmbrellaDataConnector, Corelight |
| Source | View on GitHub |
