Product
medium
advisory
Gsuite Email with Suspicious Subject and Attachments
2 rules 1 TTP 1 IOCDetection of Gsuite emails with suspicious subjects and attachments (e.g., DHL, UPS, invoice, DOC, ZIP) indicative of spear phishing, excluding internal test domains, which could lead to initial compromise and further malicious activity.
Gsuite
spear-phishing
initial-access
2r
1t
1i
medium
advisory
GSuite Email with Suspicious Attachment
2 rules 1 TTPThis analytic detects GSuite emails with suspicious file attachments (e.g., .exe, .bat, .js) which may indicate a spear-phishing attack leading to malware deployment and potential system compromise.
GSuite +1
spear-phishing
malicious-attachment
2r
1t
medium
advisory
GSuite Email with Known Abuse Web Service Links
2 rules 1 TTP 2 IOCsThis analytic detects emails in Gsuite containing links to known abuse web services such as Pastebin, Telegram, and Discord, commonly used by attackers to deliver malicious payloads leading to malware, phishing, or other harmful activities.
GSuite +1
phishing
malware
pastebin
telegram
discord
2r
1t
2i