Open redirect: U.S. Antarctic Program Data Center (USAP-DC)

Message contains use of the U.S. Antarctic Program Data Center (USAP-DC) open redirect.

Sublime rule

name: "Open redirect: U.S. Antarctic Program Data Center (USAP-DC)"
description: |
      Message contains use of the U.S. Antarctic Program Data Center (USAP-DC) open redirect.
type: "rule"
severity: "medium"
source: |
    type.inbound
    and any(body.links,
            .href_url.domain.root_domain == "usap-dc.org"
            and .href_url.path =~ "/tracker"
            and strings.starts_with(.href_url.query_params, "type=dataset&url=http")
    )
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Open redirect"
detection_methods:
  - "URL analysis"
id: "c499d041-1e95-52a5-bc7e-857376e1a873"
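The per-link predicate of the rule above, re-implemented in Python as an added example (not Sublime's code) and run over constructed sample links, to show which URL component each MQL field checks. It assumes `=~` is case-insensitive equality and uses a simplified `root_domain` (last two labels) in place of Sublime's public-suffix-aware version.

```python
from urllib.parse import urlparse

# Constructed sample links for demonstration only (not from the rule page).
SAMPLE_LINKS = [
    "https://www.usap-dc.org/tracker?type=dataset&url=http://example.invalid/login",
    "https://usap-dc.org/TRACKER?type=dataset&url=https://example.invalid/doc",
    "https://www.usap-dc.org/tracker?type=dataset&url=ftp://example.invalid/",
    "https://www.usap-dc.org/view/dataset/12345",
    "https://example.invalid/tracker?type=dataset&url=http://example.invalid/",
]


def root_domain(host: str) -> str:
    # Simplified stand-in for MQL's .domain.root_domain (assumption: last two
    # labels; a production implementation would consult the public suffix list).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_usap_dc_open_redirect(link: str) -> bool:
    """Mirror the rule's per-link conditions:
    root_domain == "usap-dc.org", path =~ "/tracker" (treated here as
    case-insensitive equality), query_params start with "type=dataset&url=http".
    """
    u = urlparse(link)
    if not u.hostname:
        return False
    return (
        root_domain(u.hostname) == "usap-dc.org"
        and u.path.lower() == "/tracker"
        and u.query.startswith("type=dataset&url=http")
    )


def flag_message(links: list[str]) -> list[str]:
    """Equivalent of the rule's any(body.links, ...) over one message, but
    returning the matching links so an analyst can see which URL fired."""
    return [link for link in links if is_usap_dc_open_redirect(link)]


if __name__ == "__main__":
    for hit in flag_message(SAMPLE_LINKS):
        print("match:", hit)
```

The third sample is not flagged because the embedded target is `ftp://`, not `http`, and the last is not flagged because the root domain differs, which matches how the rule scopes itself.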