
Summary
Detects inbound messages containing PDF attachments that match a YARA-based lure signature. The rule filters attachments by PDF file type, expands each file's contents, and fires when the YARA rule named pdf_quote_lure_01 matches within the file. This targets quote-themed social engineering used in credential phishing and potential malware distribution. Detection methods are file analysis and YARA.
Categories
- Endpoint
Data Sources
- File
Created: 2026-07-02