Tag
Gsuite Email with Suspicious Subject and Attachments
2 rules 1 TTP 1 IOCDetection of Gsuite emails with suspicious subjects and attachments (e.g., DHL, UPS, invoice, DOC, ZIP) indicative of spear phishing, excluding internal test domains, which could lead to initial compromise and further malicious activity.
GSuite Suspicious File Share with Phishing Filenames
2 rules 1 TTPThis analytic detects suspicious file sharing activity in Google Workspace where files are shared with names commonly associated with phishing campaigns, such as 'invoice,' 'shipment,' or 'delivery', potentially leading to credential theft or malware infection.
GSuite Email with Suspicious Attachment
2 rules 1 TTPThis analytic detects GSuite emails with suspicious file attachments (e.g., .exe, .bat, .js) which may indicate a spear-phishing attack leading to malware deployment and potential system compromise.
GSuite Email with Known Abuse Web Service Links
2 rules 1 TTP 2 IOCsThis analytic detects emails in Gsuite containing links to known abuse web services such as Pastebin, Telegram, and Discord, commonly used by attackers to deliver malicious payloads leading to malware, phishing, or other harmful activities.