← Back to Explore
sublimehighRule
Attachment: PDF with CVE-2026-34621 lures
Detects PDF attachments containing YARA signatures associated with CVE-2026-34621's observed lures.
Detection Query
type.inbound
and any(filter(attachments, .file_type == "pdf"),
any(file.explode(.),
.depth == 0
and any(.scan.yara.matches,
.name == "pdf_cve_2026_34621_observed_lures"
)
)
)
Data Sources
Email MessagesEmail HeadersEmail Attachments
Platforms
email
Raw Content
name: "Attachment: PDF with CVE-2026-34621 lures"
description: "Detects PDF attachments containing YARA signatures associated with CVE-2026-34621's observed lures."
type: "rule"
severity: "high"
source: |
type.inbound
and any(filter(attachments, .file_type == "pdf"),
any(file.explode(.),
.depth == 0
and any(.scan.yara.matches,
.name == "pdf_cve_2026_34621_observed_lures"
)
)
)
attack_types:
- "Malware/Ransomware"
tactics_and_techniques:
- "PDF"
detection_methods:
- "File analysis"
- "YARA"
id: "181ac54e-91c7-5521-ac81-a65ebe50f50a"