4 months ago
Aug 21st, 2023
BEC/Fraud, Credential Phishing, Malware/Ransomware, Header analysis, Sender analysis
/feeds/core/detection-rules/anonymousfox-indicators-2506206e

Attachment: Adobe branded PDF file linking to a password-protected file from first-time sender
2 months ago
Oct 4th, 2023
Malware/Ransomware, Encryption, Evasion, Impersonation: Brand, PDF, Archive analysis, File analysis, Natural Language Understanding, Optical Character Recognition, Sender analysis
/feeds/core/detection-rules/attachment-adobe-branded-pdf-file-linking-to-a-password-protected-file-from-first-time-sender-5ea75469

Attachment: Adobe image lure with suspicious link
Malware/Ransomware, Image as content, Impersonation: Brand, Content analysis, Computer Vision, Optical Character Recognition, Sender analysis, URL analysis
/feeds/core/detection-rules/attachment-adobe-image-lure-with-suspicious-link-1d7add81

Attachment: Any HTML file (first-time sender)
18 days ago
Nov 21st, 2023
HTML smuggling, HTML analysis, Sender analysis
/feeds/core/detection-rules/attachment-any-html-file-first-time-sender-57a8f5c5

Attachment: Any HTML file (unsolicited)
25 days ago
Nov 14th, 2023
HTML smuggling, File analysis, HTML analysis, Sender analysis
/feeds/core/detection-rules/attachment-any-html-file-unsolicited-ef36763f

Attachment: Any HTML file within archive (unsolicited)
25 days ago
Nov 14th, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c

Attachment: Archive containing disallowed file type
25 days ago
Nov 14th, 2023
Malware/Ransomware, Evasion, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-archive-containing-disallowed-file-type-3859e3e7

Attachment: Archive contains DLL-loading macro
3 months ago
Sep 11th, 2023
Malware/Ransomware, Exploit, LNK, Macros, Scripting, Archive analysis, File analysis, Macro analysis, YARA
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f

Attachment: Archive with embedded CHM file
4 months ago
Aug 21st, 2023
Malware/Ransomware, Evasion, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-archive-with-embedded-chm-file-5280e94d

Attachment: Archive with embedded EXE file
4 months ago
Aug 21st, 2023
Malware/Ransomware, Evasion, Archive analysis, File analysis, YARA
/feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86

Attachment: Archive with pdf, txt and wsf files
4 months ago
Aug 21st, 2023
Malware/Ransomware, Evasion, PDF, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-archive-with-pdf-txt-and-wsf-files-16b2e239

Attachment: Callback Phishing solicitation via image file
Callback Phishing, Evasion, Free email provider, Out of band pivot, Social engineering, Image as content, Content analysis, Optical Character Recognition, Sender analysis, URL analysis, Computer Vision
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36

Attachment: Callback Phishing solicitation via pdf file
Callback Phishing, Evasion, Free email provider, Out of band pivot, PDF, Social engineering, Exif analysis, File analysis, Optical Character Recognition, Sender analysis
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097

Attachment: .csproj with suspicious commands
4 months ago
Aug 17th, 2023
Malware/Ransomware, Evasion, Scripting, File analysis
/feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d

Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
4 months ago
Aug 21st, 2023
Malware/Ransomware, Exploit, Macros, Scripting, Archive analysis, Content analysis, File analysis, Macro analysis, OLE analysis
/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f

Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability
4 months ago
Aug 21st, 2023
Malware/Ransomware, Exploit, Content analysis, File analysis
/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca

Attachment: DocuSign image lure with no DocuSign domains in links
12 days ago
Nov 27th, 2023
Credential Phishing, Impersonation: Brand, Social engineering, Computer Vision, Content analysis, Header analysis, Natural Language Understanding, Optical Character Recognition, Sender analysis, URL screenshot
/feeds/core/detection-rules/attachment-docusign-image-lure-with-no-docusign-domains-in-links-814a5694

Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
a month ago
Oct 26th, 2023
Credential Phishing, Impersonation: Brand, PDF, Social engineering, Header analysis, Sender analysis, URL analysis, File analysis, Computer Vision, Whois
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282

Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment
2 months ago
Oct 4th, 2023
Malware/Ransomware, Credential Phishing, Evasion, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis, Sender analysis
/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b

Attachment: Dropbox image lure with no Dropbox domains in links
Credential Phishing, Impersonation: Brand, Social engineering, Content analysis, File analysis, Header analysis, Optical Character Recognition, Sender analysis
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d

Attachment: EICAR String Present
4 months ago
Aug 21st, 2023
Malware/Ransomware, File analysis
/feeds/core/detection-rules/attachment-eicar-string-present-592e2319

Attachment: Embedded Javascript in SVG file (unsolicited)
2 months ago
Oct 4th, 2023
Malware/Ransomware, Scripting, Archive analysis, File analysis, Sender analysis, XML analysis
/feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc

Attachment: Embedded VBScript in MHT file (unsolicited)
2 months ago
Oct 4th, 2023
Malware/Ransomware, Evasion, Scripting, Archive analysis, File analysis, HTML analysis, Sender analysis
/feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6

Attachment: EML file contains HTML attachment with login portal indicators
2 months ago
Oct 19th, 2023
Credential Phishing, Evasion, HTML smuggling, Content analysis, File analysis, Header analysis, HTML analysis, Javascript analysis, Sender analysis
/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158

Attachment: EML file with HTML attachment (unsolicited)
25 days ago
Nov 14th, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Content analysis, File analysis, Header analysis, HTML analysis, Sender analysis
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191

Attachment: EML file with IPFS links
23 days ago
Nov 16th, 2023
Credential Phishing, Evasion, Free file host, Free subdomain host, IPFS, File analysis, URL analysis
/feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7

Attachment: EML with link to credential phishing page
17 days ago
Nov 22nd, 2023
Credential Phishing, Evasion, Free file host, Free subdomain host, Social engineering, Computer Vision, Content analysis, File analysis, Header analysis, HTML analysis, Natural Language Understanding, Optical Character Recognition, URL analysis, URL screenshot
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca

Attachment: Emotet heavily padded doc in zip file
2 months ago
Oct 4th, 2023
Malware/Ransomware, Evasion, Archive analysis, Content analysis, Exif analysis, File analysis, Sender analysis
/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed

Attachment: Encrypted Microsoft Office file (unsolicited)
Malware/Ransomware, Encryption, Macros, Scripting, Archive analysis, File analysis, OLE analysis, Sender analysis
/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953

Attachment: Excel Web Query File (IQY)
4 months ago
Aug 21st, 2023
Credential Phishing, Malware/Ransomware, Evasion, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5

Attachment: Fake Slack installer
10 days ago
Nov 29th, 2023
Malware/Ransomware, Evasion, HTML smuggling, Impersonation: Brand, Scripting, Social engineering, Archive analysis, Computer Vision, File analysis, HTML analysis, Natural Language Understanding, URL analysis
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f

Attachment: Fake Zoom installer
10 days ago
Nov 29th, 2023
Malware/Ransomware, Evasion, HTML smuggling, Impersonation: Brand, Scripting, Social engineering, Archive analysis, Computer Vision, File analysis, HTML analysis, Natural Language Understanding, URL analysis
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6

Attachment: File execution via Javascript
25 days ago
Nov 14th, 2023
Malware/Ransomware, Evasion, Scripting, Archive analysis, File analysis, Javascript analysis, Sender analysis
/feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1

Attachment: Filename Containing Unicode Right-to-Left Override Character
4 months ago
Aug 21st, 2023
Malware/Ransomware, Evasion, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1

Attachment: HTML Attachment with Javascript location
4 months ago
Aug 21st, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, Javascript analysis, HTML analysis
/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295

Attachment: HTML Attachment with Login Portal Indicators
23 days ago
Nov 17th, 2023
Credential Phishing, HTML smuggling, Scripting, Archive analysis, File analysis, HTML analysis, Javascript analysis, Sender analysis
/feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7

Attachment: HTML file contains exclusively Javascript
4 months ago
Aug 21st, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, File analysis
/feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168

Attachment: HTML file with excessive padding and suspicious patterns
4 months ago
Aug 21st, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, File analysis, HTML analysis, YARA
/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e

Attachment: HTML file with reference to recipient and suspicious patterns
4 months ago
Aug 21st, 2023
Credential Phishing, HTML smuggling, Scripting, Content analysis, File analysis, HTML analysis, Javascript analysis, YARA
/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d

Attachment: HTML smuggling 'body onload' linking to suspicious destination
3 months ago
Sep 22nd, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis, URL analysis
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed

Attachment: HTML smuggling 'body onload' with high entropy and suspicious text
2 months ago
Sep 25th, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d

Attachment: HTML smuggling containing recipient email address
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, File analysis, Sender analysis
/feeds/core/detection-rules/attachment-html-smuggling-containing-recipient-email-address-af32ff2f

Attachment: HTML Smuggling Microsoft Sign In
2 months ago
Oct 4th, 2023
Credential Phishing, Free subdomain host, HTML smuggling, Impersonation: Brand, Social engineering, Archive analysis, Content analysis, File analysis, Header analysis, Javascript analysis, Sender analysis, URL analysis
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385

Attachment: HTML smuggling - QR Code with suspicious links
12 days ago
Nov 27th, 2023
Credential Phishing, QR code, Computer Vision, Header analysis, Natural Language Understanding, QR code analysis, Sender analysis, URL analysis, URL screenshot
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d

Attachment: HTML smuggling with atob and high entropy
Credential Phishing, Malware/Ransomware, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis, Javascript analysis, Sender analysis, URL analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11

Attachment: HTML smuggling with auto-downloaded file
4 months ago
Aug 21st, 2023
Credential Phishing, Malware/Ransomware, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis, Javascript analysis, Sender analysis, URL analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5

Attachment: HTML smuggling with base64 encoded JavaScript function
3 months ago
Aug 27th, 2023
Credential Phishing, Malware/Ransomware, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis, Javascript analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec

Attachment: HTML smuggling with concatenation obfuscation
4 months ago
Aug 21st, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346

Attachment: HTML smuggling with decimal encoding
3 months ago
Sep 21st, 2023
Credential Phishing, Malware/Ransomware, Evasion, HTML smuggling, Scripting, Archive analysis, Content analysis, File analysis, HTML analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4

Attachment: HTML smuggling with embedded base64-encoded executable
4 months ago
Aug 21st, 2023
Malware/Ransomware, Evasion, HTML smuggling, Archive analysis, File analysis, HTML analysis, YARA
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527