[PR sublime-security#3755] added rule: PhaaS: Impact Solutions (Impact Vector Suite)

Author: github-actions[bot]

detection-rules/3755_phaas_impact_solutions.yml

@@ -0,0 +1,47 @@
+name: "PhaaS: Impact Solutions (Impact Vector Suite)"
+description: |
+  Identifies the use of the Impact Solutions PhaaS.
+
+  Impact Vector Suite is a full-spectrum payload delivery platform, engineered for stealth-optimized execution across all major deployment vectors.
+type: "rule"
+severity: "medium"
+source: |
+  type.inbound
+  and (
+    (
+      length(attachments) >= 1
+      and any(attachments,
+              (
+                regex.icontains(file.parse_html(.).raw,
+                                "const (?:urlParts|fakeEvent|progressBar|segments)"
+                )
+                or any([file.parse_html(.).raw],
+                       strings.icontains(., "impact?")
+                       or regex.contains(., '\d(/impact)')
+                )
+              )
+      )
+    )
+    or (
+      any(body.links,
+          (
+            strings.icontains(.href_url.url, "impact?")
+            or strings.icontains(.href_url.url, "/impact")
+          )
+          and (
+            strings.icontains(.href_url.url, ":8443")
+            or strings.icontains(.href_url.url, ":2087")
+          )
+      )
+    )
+  )
+attack_types:
+  - "Credential Phishing"
+tactics_and_techniques:
+  - "Evasion"
+detection_methods:
+  - "Content analysis"
+id: "6e46247f-f5cb-508c-be05-e79218644b60"
+og_id: "4d197faf-31bc-5f09-bf60-9f6a52f913a9"
+testing_pr: 3755
+testing_sha: 4df8c69249860ae527795dde46816bda22596232