[PR #2911] added rule: Credential phishing: Engaging language and other indicators (untrusted sender)

Author: github-actions[bot]

detection-rules/2911_link_credential_phishing_intent_and_other_indicators.yml

@@ -0,0 +1,22 @@
+name: "Credential phishing: Engaging language and other indicators (untrusted sender)"
+description: |
+  Message contains various suspicious indicators as well as engaging language resembling credential theft from an untrusted sender.
+type: "rule"
+severity: "medium"
+source: |
+  false
+attack_types:
+  - "Credential Phishing"
+tactics_and_techniques:
+  - "Free email provider"
+  - "Social engineering"
+detection_methods:
+  - "Content analysis"
+  - "Header analysis"
+  - "Natural Language Understanding"
+  - "Sender analysis"
+  - "URL analysis"
+id: "76cb104d-8e00-560e-ad66-4b641d1244ff"
+og_id: "c2bc8ca2-d207-5c7d-96e4-a0d3d33b2af5"
+testing_pr: 2911
+testing_sha: 31387c4cc4d63acf07e99a2980281766664e129b