Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | Email |
| Detector Tags | |
| ATT&CK Tactic | Defense Evasion (TA0005) |
| ATT&CK Technique | |
| Severity | Informational |
Description
Unicode characters can be used for obfuscation, allowing malicious actors to disguise harmful intent, URLs or attachments.
By embedding non-printing Unicode characters, attackers can bypass security filters and evade detection mechanisms.
Such characters may also be used for phishing attempts that appear legitimate to both users and security systems.
Attacker's Goals
Embedding suspicious Unicode characters in the email to appear legitimate,
evade security filters and bypass detection mechanisms.
Investigative actions
- Check the email address for any unusual spellings, missing letters, or unknown domains.
- If the message contains attachments/links, scrutinize them for any suspicious indications.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
Variations
EMAIL BETA - Phishing terms obfuscation using Unicode characters detected in email
Synopsis
Description
Unicode characters can be used for obfuscation, allowing malicious actors to disguise harmful intent, URLs or attachments.
By embedding non-printing Unicode characters, attackers can bypass security filters and evade detection mechanisms.
Such characters may also be used for phishing attempts that appear legitimate to both users and security systems.
Attacker's Goals
Embedding suspicious Unicode characters in the email to appear legitimate,
evade security filters and bypass detection mechanisms.
Investigative actions
- Check the email address for any unusual spellings, missing letters, or unknown domains.
- If the message contains attachments/links, scrutinize them for any suspicious indications.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - Words obfuscation using Unicode characters detected in email
Synopsis
Description
Unicode characters can be used for obfuscation, allowing malicious actors to disguise harmful intent, URLs or attachments.
By embedding non-printing Unicode characters, attackers can bypass security filters and evade detection mechanisms.
Such characters may also be used for phishing attempts that appear legitimate to both users and security systems.
Attacker's Goals
Embedding suspicious Unicode characters in the email to appear legitimate,
evade security filters and bypass detection mechanisms.
Investigative actions
- Check the email address for any unusual spellings, missing letters, or unknown domains.
- If the message contains attachments/links, scrutinize them for any suspicious indications.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
EMAIL BETA - Multiple suspicious Unicode characters detected in email
Synopsis
Description
Unicode characters can be used for obfuscation, allowing malicious actors to disguise harmful intent, URLs or attachments.
By embedding non-printing Unicode characters, attackers can bypass security filters and evade detection mechanisms.
Such characters may also be used for phishing attempts that appear legitimate to both users and security systems.
Attacker's Goals
Embedding suspicious Unicode characters in the email to appear legitimate,
evade security filters and bypass detection mechanisms.
Investigative actions
- Check the email address for any unusual spellings, missing letters, or unknown domains.
- If the message contains attachments/links, scrutinize them for any suspicious indications.
- Monitor further actions taken, such as file downloads or access to potentially malicious links.
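
The three variations above, sketched as an added triage example (not the detector's own logic, which this page does not describe): a scan that flags non-printing Unicode format characters (category Cf) in email text and reports which rendered words they were hidden in. The phishing term list, the threshold of 3 and the sample strings are assumptions constructed for the example.

```python
import unicodedata

# Assumed values for illustration; this page does not give the detector's term list or threshold.
PHISHING_TERMS = {"verify", "password", "invoice", "account"}
MULTIPLE_THRESHOLD = 3

# Constructed samples: the first hides ZWSP, ZWNJ, WORD JOINER and SOFT HYPHEN inside words.
SAMPLE = "Please ver\u200bify your pass\u200cword to\u2060day. In\u00advoice attached."
CLEAN = "Please verify your password today."


def is_non_printing(ch):
    # Category Cf covers invisible format characters: zero-width spaces/joiners,
    # bidi controls, soft hyphen, BOM. Some are legitimate (ZWJ in emoji, ZWNJ in
    # Persian), so a hit is a signal to triage, not a verdict.
    return unicodedata.category(ch) == "Cf"


def analyze(text):
    hidden = [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
              for i, c in enumerate(text) if is_non_printing(c)]
    words, terms = [], []
    for token in text.split():
        visible = "".join(c for c in token if not is_non_printing(c))
        if visible == token:
            continue  # nothing hidden in this token
        # Normalise to what the reader sees, so filters match on the rendered word.
        word = visible.strip(".,:;!?()\"'").lower()
        if word:
            words.append(word)
            if word in PHISHING_TERMS:
                terms.append(word)
    return {
        "hidden_chars": hidden,
        "obfuscated_words": words,
        "obfuscated_phishing_terms": terms,
        "multiple_suspicious": len(hidden) >= MULTIPLE_THRESHOLD,
    }


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("clean", CLEAN)):
        result = analyze(text)
        print(label, result["obfuscated_words"], result["multiple_suspicious"])
        for pos, cp, name in result["hidden_chars"]:
            print(f"  offset {pos}: {cp} {name}")
```

The clean sample contains the same phishing terms but no hidden characters, so nothing is reported for it; only words that were split by a non-printing character are flagged.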