Attachment: ZIP file with CVE-2026-0866 exploit

Detects ZIP attachments containing exploits targeting the CVE-2026-0866 vulnerability. Each attachment whose file type is ZIP is exploded, and the rule fires when any exploded file carries a YARA match on the `zip_cve_2026_0866` signature.

Sublime rule

name: "Attachment: ZIP file with CVE-2026-0866 exploit"
description: "Detects ZIP attachments containing exploits targeting CVE-2026-0866 vulnerability through YARA signature matching."
type: "rule"
severity: "medium"
source: |
  any(filter(attachments, .file_type == "zip"),
      any(file.explode(.),
          any(.scan.yara.matches, .name in ("zip_cve_2026_0866"))
      )
  )
attack_types:
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Exploit"
  - "Evasion"
detection_methods:
  - "Archive analysis"
  - "File analysis"
  - "YARA"
id: "88ef27ac-8996-5c45-bfa5-b8222126df22"
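The Python below is an added illustration, not Sublime's code and not the `zip_cve_2026_0866` YARA signature itself (the signature body is not on this page). It mirrors the rule's evaluation order over constructed attachments: keep only attachments whose type is `zip`, explode each one with `zipfile`, and test every member for a match. The `Attachment` shape, the `STANDIN_SIGNATURES` table and the marker byte string are assumptions made for the example; encrypted or corrupt members are skipped rather than aborting the scan, which is the edge case a practitioner hits first with attacker-supplied archives.

```python
import io
import zipfile
from dataclasses import dataclass

# Hypothetical stand-in for the YARA signature the rule names. The marker is a
# constructed string for this example, not a real indicator.
STANDIN_SIGNATURES = {
    "zip_cve_2026_0866": b"CVE-2026-0866-MARKER",
}


@dataclass
class Attachment:
    file_name: str
    file_type: str   # assumed to hold the normalized type the rule filters on, e.g. "zip"
    raw: bytes


def explode(att: Attachment) -> list:
    """Stand-in for file.explode(.): return the decompressed bytes of each ZIP member.
    Directories, password-protected members and corrupt members are skipped."""
    members = []
    try:
        with zipfile.ZipFile(io.BytesIO(att.raw)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                try:
                    members.append(zf.read(info))
                except (RuntimeError, zipfile.BadZipFile):
                    # RuntimeError is what zipfile raises for encrypted members
                    continue
    except zipfile.BadZipFile:
        pass   # not a parseable ZIP: nothing to explode
    return members


def yara_matches(data: bytes) -> list:
    """Stand-in for .scan.yara.matches: names of stand-in signatures found in data."""
    return [name for name, marker in STANDIN_SIGNATURES.items() if marker in data]


def rule_matches(attachments: list) -> bool:
    """Mirror of the rule's MQL:
    any(filter(attachments, .file_type == "zip"),
        any(file.explode(.), any(.scan.yara.matches, .name in ("zip_cve_2026_0866"))))"""
    return any(
        any("zip_cve_2026_0866" in yara_matches(member) for member in explode(att))
        for att in attachments
        if att.file_type == "zip"
    )


def build_zip(members: dict) -> bytes:
    """Build a ZIP in memory (constructed sample input for the example)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one benign archive, one carrying the stand-in marker.
BENIGN_ZIP = build_zip({"report.txt": b"quarterly numbers"})
EXPLOIT_ZIP = build_zip({"invoice.bin": b"\x00" * 16 + b"CVE-2026-0866-MARKER" + b"\x00" * 16})


def demo() -> dict:
    """Evaluate the rule against a few constructed messages."""
    return {
        "benign_zip": rule_matches([Attachment("report.zip", "zip", BENIGN_ZIP)]),
        "exploit_zip": rule_matches([Attachment("invoice.zip", "zip", EXPLOIT_ZIP)]),
        # Same bytes but not typed as zip: the filter never explodes it.
        "not_typed_zip": rule_matches([Attachment("invoice.bin", "octet-stream", EXPLOIT_ZIP)]),
        # One benign attachment plus one hit: any() across attachments fires.
        "mixed": rule_matches([
            Attachment("a.pdf", "pdf", b"%PDF-1.4"),
            Attachment("b.zip", "zip", EXPLOIT_ZIP),
        ]),
    }


if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case}: {hit}")
```

Because the ZIP members are deflated, the marker is only visible after explosion, which is why the match has to run over the exploded files rather than the raw attachment bytes; and because the outer `filter` keys on `file_type`, whatever populates that field decides whether an archive is examined at all.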