Attachment: PDF with CVE-2026-34621 lures

calendar Apr 22, 2026  ยท
Share on: linkedin copy

Detects PDF attachments containing YARA signatures associated with CVE-2026-34621's observed lures.

Sublime rule (View on GitHub)

 1name: "Attachment: PDF with CVE-2026-34621 lures"
 2description: "Detects PDF attachments containing YARA signatures associated with CVE-2026-34621's observed lures."
 3type: "rule"
 4severity: "high"
 5source: |
 6  type.inbound
 7  and any(filter(attachments, .file_type == "pdf"),
 8          any(file.explode(.),
 9              .depth == 0
10              and any(.scan.yara.matches,
11                      .name == "pdf_cve_2026_34621_observed_lures"
12              )
13          )
14  )  
15attack_types:
16  - "Malware/Ransomware"
17tactics_and_techniques:
18  - "PDF"
19detection_methods:
20  - "File analysis"
21  - "YARA"
22id: "181ac54e-91c7-5521-ac81-a65ebe50f50a"
to-top