Skip to content
Threat Feed

Tag

Gsuite

4 briefs RSS
medium advisory

Gsuite Email with Suspicious Subject and Attachments

Detection of Gsuite emails with suspicious subjects and attachments (e.g., DHL, UPS, invoice, DOC, ZIP) indicative of spear phishing, excluding internal test domains, which could lead to initial compromise and further malicious activity.

Gsuite spear-phishing initial-access
2r 1t 1i
medium advisory

GSuite Suspicious File Share with Phishing Filenames

This analytic detects suspicious file sharing activity in Google Workspace where files are shared with names commonly associated with phishing campaigns, such as 'invoice,' 'shipment,' or 'delivery', potentially leading to credential theft or malware infection.

Google Workspace +1 phishing gsuite google_workspace
2r 1t
medium advisory

GSuite Email with Suspicious Attachment

This analytic detects GSuite emails with suspicious file attachments (e.g., .exe, .bat, .js) which may indicate a spear-phishing attack leading to malware deployment and potential system compromise.

GSuite +1 spear-phishing malicious-attachment
2r 1t
medium advisory

GSuite Email with Known Abuse Web Service Links

This analytic detects emails in Gsuite containing links to known abuse web services such as Pastebin, Telegram, and Discord, commonly used by attackers to deliver malicious payloads leading to malware, phishing, or other harmful activities.

GSuite +1 phishing malware pastebin telegram discord
2r 1t 2i