Attachment: PDF with quote lure

Sublime Rules

Summary
Detects inbound messages containing PDF attachments that trigger a YARA-based lure detection. The rule filters for attachments with a PDF file type, expands the file contents, and triggers when a YARA rule named pdf_quote_lure_01 matches within the file. This targets quote-themed social engineering used in credential phishing and potential malware distribution. Detection methods are File analysis and YARA.
Categories
  • Endpoint
Data Sources
  • File
Created: 2026-07-02