Show in Graph
Common Information
Type Value
Value 
rule outlook_creds {
	meta:
		author = "@_batsec_"
		plugin = "outlook_parse"
	strings:
		$str1 = "login.live.com"
		$str2 = "login="
		$str3 = "hisScaleUnit="
		$str4 = "passwd="
	condition:
		all of them
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2021-01-12 14 Breaking The Browser - A tale of IPC, credentials and backdoors - MDSec