Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
- This may indicate an attempt at masquerading the true file type through the misuse of multiple extensions in the attachment name.
Attacker's Goals
- Deploy malicious attachments through emails to compromise systems or gain unauthorized access.
Investigative actions
- Check the file types and investigate the legitimacy of files intended to be sent via email.
- Scrutinize the attachments for any suspicious indications.
- Confirm whether the attachments were successfully delivered to the recipient's mailbox.
- If the attachments were delivered successfully, verify whether the recipient downloaded them.
- Check the email address for any unusual spellings or missing letters.
- Verify the sender's address to confirm its legitimacy.
- Check for previous emails from the sender's address.