Malformed URL prefix
Malformed URL prefix is a technique used to evade email security scanners.
Sublime rule
name: Malformed URL prefix
description: |
  Malformed URL prefix is a technique used to evade email security scanners.
references:
  - "https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/"
type: "rule"
severity: "high"
source: |
  any(body.links, regex.icontains(.href_url.url, ':/\\'))
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Evasion"
detection_methods:
  - "URL analysis"
id: "4e659d28-53fa-51ca-888d-a7cab1e4bcad"
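The same check, written in Python as an added example (not Sublime's code and not part of the rule), for testing the pattern against message bodies outside the platform. It assumes links are taken from `<a href>` attributes with Python's `html.parser` as a stand-in for `body.links`; the function names and sample bodies are constructed for illustration. The match runs on the raw attribute value, because a URL parser or normaliser may rewrite the backslash before the check sees it.

```python
import re
from html.parser import HTMLParser

# Same pattern the rule passes to regex.icontains: a colon, a slash, then a backslash.
MALFORMED_PREFIX = re.compile(r":/\\", re.IGNORECASE)


class HrefCollector(HTMLParser):
    """Collect raw href attribute values from anchor tags, without normalising them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value)


def malformed_prefix_links(html_body):
    """Return every href in the body whose raw text contains ':/\\'."""
    collector = HrefCollector()
    collector.feed(html_body)
    collector.close()
    return [h for h in collector.hrefs if MALFORMED_PREFIX.search(h)]


def rule_matches(html_body):
    """Mirror any(body.links, ...): true if at least one link matches."""
    return bool(malformed_prefix_links(html_body))


# Constructed sample bodies (example.test is a reserved test domain).
SAMPLE_FLAGGED = (
    '<p>Your mailbox is full. <a href="http:/\\login.example.test/reset">Fix it</a> '
    'or read the <a href="https://docs.example.test/help">help page</a>.</p>'
)
SAMPLE_CLEAN = '<a href="https://example.test/a\\b">path backslash only</a>'

if __name__ == "__main__":
    print(malformed_prefix_links(SAMPLE_FLAGGED))
    print(rule_matches(SAMPLE_CLEAN))
```

A backslash elsewhere in the URL, as in the second sample, does not match; only the `:/\` sequence does.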