mvt-project / mvt-indicators

Index and collection of MVT compatible indicators of compromise.
MIT License

Add additional medium confidence Operation Triangulation domains according to JARM fingerprint #10

Open TinySecShell opened 11 months ago

TinySecShell commented 11 months ago

Add additional medium confidence Operation Triangulation domains. Identify Operation Triangulation Malicious Servers with JARM fingerprint.

Te-k commented 11 months ago

Do you have a reference of a publication mentioning these domains? Or is it coming from your own work?

TinySecShell commented 11 months ago

Yes, this is my own work. I have been interested in this matter since Kaspersky released related domains. You can refer to the following rules:

"HTTP/1.1 404 Not Found" && cert="Organizational Unit: CloudFlare Origin SSL Certificate Authority" && jarm="2ad2ad20d2ad2ad22c2ad2ad2ad2adfb5de881cc847e53e47fc6dd40b422b0" && "Content-Length: 162"
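As an added illustration (not part of the thread or of the mvt-indicators repository), the rule quoted in the comment above can be parsed and evaluated offline against saved scan records, showing which of its four conditions a candidate server meets before a domain is accepted as an indicator. The record field names, the sample records, and the matching semantics (substring for the bare strings and `cert=`, exact match for `jarm=`) are assumptions.

```python
import re

# Rule exactly as quoted in the comment above.
RULE = ('"HTTP/1.1 404 Not Found" && '
        'cert="Organizational Unit: CloudFlare Origin SSL Certificate Authority" && '
        'jarm="2ad2ad20d2ad2ad22c2ad2ad2ad2adfb5de881cc847e53e47fc6dd40b422b0" && '
        '"Content-Length: 162"')

# One term: optional field name, then a double-quoted value.
TERM = re.compile(r'^(?:(?P<field>[a-z_]+)=)?"(?P<value>[^"]*)"$')

def parse_rule(rule):
    """Split an AND-only rule into (field, value) terms; field None = bare string."""
    terms = []
    for raw in rule.split("&&"):  # sufficient here: no value contains "&&"
        m = TERM.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported term: {raw.strip()!r}")
        terms.append((m.group("field"), m.group("value")))
    return terms

def evaluate(terms, record):
    """Return {(field, value): bool} under the assumed matching semantics."""
    results = {}
    for field, value in terms:
        if field is None:      # bare string: substring of the HTTP response headers
            ok = value in record.get("banner", "")
        elif field == "cert":  # substring of the certificate text
            ok = value in record.get("cert", "")
        elif field == "jarm":  # exact fingerprint match, case-insensitive
            ok = record.get("jarm", "").lower() == value.lower()
        else:
            raise ValueError(f"unknown field: {field}")
        results[(field, value)] = ok
    return results

def failed_terms(rule, record):
    """Values of the terms the record does not satisfy (empty list = full match)."""
    return [v for (_, v), ok in evaluate(parse_rule(rule), record).items() if not ok]

# Constructed scan records (not real hosts); field names are assumptions.
FULL = {"host": "candidate-a.example",
        "banner": "HTTP/1.1 404 Not Found\r\nContent-Length: 162\r\n",
        "cert": "Organizational Unit: CloudFlare Origin SSL Certificate Authority",
        "jarm": "2ad2ad20d2ad2ad22c2ad2ad2ad2adfb5de881cc847e53e47fc6dd40b422b0"}
PARTIAL = dict(FULL, host="candidate-b.example",
               banner="HTTP/1.1 200 OK\r\nContent-Length: 5120\r\n")

if __name__ == "__main__":
    for rec in (FULL, PARTIAL):
        print(rec["host"], "missing:", failed_terms(RULE, rec) or "none")
```

A record that shares only the certificate issuer and JARM value, like the second one, fails the rule, which is the reason for reporting the unmet terms rather than a bare yes/no.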