Attachment: PDF Object Hash associated with fake Canada Revenue Agency documents

Matches a PDF object hash associated with a Chrome "export to PDF" rendering of a shared document impersonating the Canada Revenue Agency. Because the hash is computed over the PDF's object structure rather than its text, it catches re-exports of the same lure template even when the visible content (names, amounts, dates) changes.

Sublime rule

name: "Attachment: PDF Object Hash associated with fake Canada Revenue Agency documents"
description: "Matching PDF Object Hash associated with chrome -> export to pdf of a shared document related to Canada's Revenue Agency."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(filter(attachments, .file_type == "pdf"),
          any(file.explode(.),
              .scan.pdf_obj_hash.object_hash == "cf509abbdc5aa6b1b759a216e3e570cf"
          )
  )
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "PDF"
  - "Evasion"
detection_methods:
  - "File analysis"
  - "Threat Intelligence"
id: "ff09be2b-d5d9-5023-8e4f-830e7b19650f"
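The rule above does three things: it restricts itself to inbound mail, filters the attachment list down to PDFs, and compares a structural hash of each PDF's objects against one known-bad value. The following Python is an added illustration of that logic and is not Sublime Security's code: the `.scan.pdf_obj_hash.object_hash` algorithm is not described on this page, so the "object hash" here is an assumed stand-in (the sequence of object numbers, the name tokens in each object dictionary, and whether the object carries a stream, with stream bodies and literal strings stripped out) and it cannot reproduce the hash value in the rule. The PDFs it builds are constructed samples, not real CRA lures, and the rule's `file.explode(.)` step, which in Sublime also unpacks nested containers, is replaced by a direct scan of the attachment bytes. The point it demonstrates is why an object hash is a useful IOC for template-based lures: two documents from the same generator with different text collide, while a document whose structure differs (here, one extra link annotation) does not.

```python
"""
Toy model of a "PDF object hash" attachment rule. Added example, not Sublime
Security's implementation. The hashing scheme below is an assumption made for
illustration: it cannot reproduce the object_hash value in the rule above.
Only classic-layout PDFs are handled (no /ObjStm object streams, no xref
streams); a real scanner would use a proper PDF parser such as pikepdf.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Set

# "N G obj ... endobj" in a classic (non-object-stream) PDF.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# Name tokens such as /Type, /Page, /Length (values like 44 or "2 0 R" are ignored).
NAME_RE = re.compile(rb"/([A-Za-z0-9#._-]+)")


def object_skeleton(body: bytes) -> bytes:
    """Drop stream payloads and literal strings; keep only the structural tokens."""
    body = re.sub(rb"stream\r?\n.*?endstream", b"stream", body, flags=re.S)
    body = re.sub(rb"\((?:\\.|[^\\)])*\)", b"()", body, flags=re.S)
    return body


def pdf_object_hash(pdf: bytes) -> str:
    """Assumed structural hash: per object, its number, its name tokens (including
    name values such as /Helvetica, a toy choice) and a has-stream flag.
    MD5 is used only because the rule's value is 32 hex characters long."""
    parts = []
    for num, _gen, body in OBJ_RE.findall(pdf):
        skel = object_skeleton(body)
        names = b"/".join(NAME_RE.findall(skel))
        has_stream = b"stream" in skel
        parts.append(b"%s:%s:%d" % (num, names, has_stream))
    return hashlib.md5(b"|".join(parts)).hexdigest()


def make_pdf(body_text: str, with_link: bool = False) -> bytes:
    """Build a minimal classic-layout PDF (constructed sample, not a real CRA file).
    with_link=True adds a /Link annotation, which changes the object structure."""
    content = f"BT /F1 12 Tf 72 720 Td ({body_text}) Tj ET".encode()
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in below
        b"<< /Length %d >>\nstream\n%s\nendstream" % (len(content), content),
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    page = (b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >>")
    if with_link:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 730] "
                    b"/A << /S /URI /URI (http://example.invalid/login) >> >>")
        page += b" /Annots [6 0 R]"
    page += b" >>"
    objs[2] = page
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for i, obj in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (i, obj)
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_pos))
    return bytes(out)


@dataclass
class Attachment:
    file_name: str
    content: bytes


@dataclass
class Message:
    inbound: bool
    attachments: List[Attachment]


def file_type(att: Attachment) -> str:
    """Stand-in for the rule's .file_type: classify by magic bytes, not extension."""
    return "pdf" if att.content.startswith(b"%PDF-") else "other"


def rule_matches(msg: Message, bad_hashes: Set[str]) -> bool:
    """Mirror of the rule: type.inbound AND any PDF attachment whose object hash
    is in the IOC set. (No container explosion: attachments are scanned as-is.)"""
    if not msg.inbound:
        return False
    return any(pdf_object_hash(att.content) in bad_hashes
               for att in msg.attachments if file_type(att) == "pdf")


def demo() -> dict:
    """Known lure -> IOC; same template with other text matches, others do not."""
    reference = make_pdf("Notice of Assessment for Jane Doe")
    bad_hashes = {pdf_object_hash(reference)}  # toy hash, not the rule's value
    same_template = make_pdf("Notice of Assessment for John Roe")
    with_link = make_pdf("Notice of Assessment for John Roe", with_link=True)
    return {
        "same_template": rule_matches(Message(True, [Attachment("cra.pdf", same_template)]), bad_hashes),
        "different_structure": rule_matches(Message(True, [Attachment("cra.pdf", with_link)]), bad_hashes),
        "outbound": rule_matches(Message(False, [Attachment("cra.pdf", same_template)]), bad_hashes),
        "non_pdf_only": rule_matches(Message(True, [Attachment("notes.txt", b"just text")]), bad_hashes),
    }


if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case}: {'MATCH' if hit else 'no match'}")
```

The caveat a practitioner should keep in mind when deploying a rule like this: a single object hash is a narrow indicator, so the rule is precise but brittle, and any change to the generator's object layout (a different Chrome version, an added annotation, a different page count) produces a different hash and a miss, which is why the example's `different_structure` case does not fire.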