sublime | medium | Rule

Link: Blogspot hosting explicit romance content

Detects inbound messages containing links to Blogspot domains that host explicit romance content, identified through natural language processing of the message body.

MITRE ATT&CK

initial-access

Detection Query

type.inbound
and any(body.links, .href_url.domain.root_domain == "blogspot.com")
and (
  any(ml.nlu_classifier(body.current_thread.text).topics,
      .name == "Sexually Explicit Messages"
  )
)

Data Sources

Email Messages, Email Headers, Email Attachments

Platforms

email

Raw Content

name: "Link: Blogspot hosting explicit romance content"
description: "Detects inbound messages containing links to Blogspot domains that host explicit romance content, identified through natural language processing of the message body."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(body.links, .href_url.domain.root_domain == "blogspot.com")
  and (
    any(ml.nlu_classifier(body.current_thread.text).topics,
        .name == "Sexually Explicit Messages"
    )
  )
attack_types:
  - "Spam"
tactics_and_techniques:
  - "Free subdomain host"
  - "Social engineering"
detection_methods:
  - "Natural Language Understanding"
  - "URL analysis"
id: "132e88c5-7aaf-5ec1-a70b-3e2f3b01a7a9"