Detect DNS Requests To Phishing Sites Leveraging Evilginx2
This search looks for DNS requests for phishing domains that are leveraging EvilGinx tools to mimic websites.
Detect DNS Requests To Phishing Sites Leveraging Evilginx2 Help
You need to ingest data from your DNS logs in the Network_Resolution datamodel. Specifically you must ingest the domain that is being queried and the IP of the host originating the request. Ideally, you should also be ingesting the answer to the query and the query type. This approach allows you to also create your own localized passive DNS capability which can aid you in future investigations. You will have to add legitimate domain names to the
Open in Search