EMAIL BETA - Email attachment(s) with potentially malicious MIME type

Cortex XSIAM Analytics Alert Reference by Alert name

Product

Cortex XSIAM

Last date published

2025-04-07

Synopsis

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	3 Days
Required Data	Requires: Office 365 Mail
Detection Modules	Email
Detector Tags
ATT&CK Tactic	Defense Evasion (TA0005) Execution (TA0002)
ATT&CK Technique	Masquerading: Masquerade File Type (T1036.008) User Execution (T1204)
Severity	Informational

Description

The email message contains an attachment(s) with a potentially malicious MIME type.

Attacker's Goals

Deploy malicious attachments through emails to compromise systems, gain unauthorized access, or facilitate cyber threats.

Investigative actions

Carefully analyze attachments for any indications of suspicious or malicious behavior.
Scrutinize the attachments for any suspicious indications.
Confirm whether the attachments were successfully delivered to the recipient's mailbox.
If the attachments were delivered successfully, verify whether the recipient downloaded them.

Variations

EMAIL BETA - Attachment(s) with potentially malicious MIME type unusual for the organization

Synopsis

ATT&CK Tactic

ATT&CK Technique

Severity

Medium

Description

At least one attachment with a potentially malicious file mime-type was received in an email for the first time within the organization in the past 30 days.

Attacker's Goals

Deploy malicious attachments through emails to compromise systems, gain unauthorized access, or facilitate cyber threats.

Investigative actions

Carefully analyze attachments for any indications of suspicious or malicious behavior.
Scrutinize the attachments for any suspicious indications.
Confirm whether the attachments were successfully delivered to the recipient's mailbox.
If the attachments were delivered successfully, verify whether the recipient downloaded them.

EMAIL BETA - Attachment(s) with a potentially malicious MIME type that is unusual for the recipient

Synopsis

ATT&CK Tactic

ATT&CK Technique

Severity

Low

Description

At least one attachment with a potentially malicious file mime-type was received in an email for the first time for the recipient in the past 30 days.

Attacker's Goals

Deploy malicious attachments through emails to compromise systems, gain unauthorized access, or facilitate cyber threats.

Investigative actions

Carefully analyze attachments for any indications of suspicious or malicious behavior.
Scrutinize the attachments for any suspicious indications.
Confirm whether the attachments were successfully delivered to the recipient's mailbox.
If the attachments were delivered successfully, verify whether the recipient downloaded them.