Malformed URL prefix

Malformed URL prefix is a technique used to evade email security scanners.

Sublime rule (View on GitHub)

name: Malformed URL prefix
description: |
    Malformed URL prefix is a technique used to evade email security scanners.
references:
  - "https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/"
type: "rule"
severity: "high"
source: |
    any(body.links, regex.icontains(.href_url.url, ':/\\'))
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Evasion"
detection_methods:
  - "URL analysis"
id: "4e659d28-53fa-51ca-888d-a7cab1e4bcad"
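The check the rule performs, reproduced in Python as an added example (not part of the Sublime rule or its project): it pulls hrefs from a constructed HTML body, applies the same `:/\` pattern, and shows that a strict parser (`urllib.parse`) finds no host in such a link while a lenient reading that accepts `\` as `/` does. The sample body, the hostnames, the helper names and the lenient-client approximation are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Same pattern as the rule's source line: a colon, a slash, then a backslash.
MALFORMED_PREFIX = re.compile(r":/\\")

# Constructed sample body; hostnames are placeholders.
SAMPLE_BODY = r'''
<p>Your mailbox is almost full.</p>
<a href="http:/\login.example.test/reset">Keep my account</a>
<a href="https://www.example.com/help">Help centre</a>
<a href="HTTPS:/\files.example.test/invoice">View invoice</a>
'''

class LinkCollector(HTMLParser):
    """Collects href values from anchor tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def flag_malformed(html_body):
    """Return every link whose URL contains the malformed ':/\\' prefix."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [u for u in collector.hrefs if MALFORMED_PREFIX.search(u)]

def strict_host(url):
    """Host as a strict parser sees it: no '//' after the scheme, so no host."""
    return urlsplit(url).hostname

def lenient_host(url):
    """Assumption: approximates a lenient client that accepts '\\' as '/'."""
    repaired = re.sub(r"^([A-Za-z][A-Za-z0-9+.-]*):[/\\]+", r"\1://", url)
    return urlsplit(repaired).hostname

if __name__ == "__main__":
    for link in flag_malformed(SAMPLE_BODY):
        print(f"{link!r}: strict={strict_host(link)} lenient={lenient_host(link)}")
```

A scanner that relies on the strict host alone has nothing to look up for the flagged links, which is why the rule matches on the raw URL string instead.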