diff --git a/detection-rules/attachment_html_smuggling_atob_ics.yml b/detection-rules/attachment_html_smuggling_atob_ics.yml
index 99c350d31cc..bdc8d29846e 100644
--- a/detection-rules/attachment_html_smuggling_atob_ics.yml
+++ b/detection-rules/attachment_html_smuggling_atob_ics.yml
@@ -65,6 +65,7 @@ attack_types:
tactics_and_techniques:
- "Evasion"
- "HTML smuggling"
+ - "ICS Phishing"
- "Scripting"
detection_methods:
- "File analysis"
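Review bot: The added value `"ICS Phishing"` capitalises its second word, while every other multi-word entry visible under `tactics_and_techniques` in this diff is sentence case (`"HTML smuggling"`, `"Free file host"`, `"Open redirect"`, `"Social engineering"`, `"Out of band pivot"`). Title Case appears only under `attack_types`. If these values are matched exactly by whatever consumes them (search filters, coverage reports, a schema allow-list), a spelling that departs from the rest of the list is easy to mistype later and can split one technique into two buckets. Unless the taxonomy already defines this exact spelling, I would write `- "ICS phishing"` here and in the other hunks of this commit that add the same line.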
diff --git a/detection-rules/attachment_html_smuggling_eval_atob_calendar.yml b/detection-rules/attachment_html_smuggling_eval_atob_calendar.yml
index 32dd55ae508..094005448ee 100644
--- a/detection-rules/attachment_html_smuggling_eval_atob_calendar.yml
+++ b/detection-rules/attachment_html_smuggling_eval_atob_calendar.yml
@@ -15,6 +15,7 @@ attack_types:
tactics_and_techniques:
- "Evasion"
- "HTML smuggling"
+ - "ICS Phishing"
- "Scripting"
detection_methods:
- "File analysis"
diff --git a/detection-rules/attachment_ics_aws_lambda_url.yml b/detection-rules/attachment_ics_aws_lambda_url.yml
index ffdc74c8a74..09aac46cbca 100644
--- a/detection-rules/attachment_ics_aws_lambda_url.yml
+++ b/detection-rules/attachment_ics_aws_lambda_url.yml
@@ -19,6 +19,7 @@ attack_types:
tactics_and_techniques:
- "Evasion"
- "Free file host"
+ - "ICS Phishing"
detection_methods:
- "Content analysis"
- "File analysis"
diff --git a/detection-rules/attachment_ics_embedded_document.yml b/detection-rules/attachment_ics_embedded_document.yml
index 192364571c2..5c5bfbd1bbe 100644
--- a/detection-rules/attachment_ics_embedded_document.yml
+++ b/detection-rules/attachment_ics_embedded_document.yml
@@ -26,6 +26,7 @@ attack_types:
- "Malware/Ransomware"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
id: "8f9957d9-a06a-5c5a-83af-2dc5c25bed86"
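Review bot: The only `attack_types` entry visible above this list is `"Malware/Ransomware"`, so a technique named after phishing puts an attack outcome on the technique axis. The same applies to the hunks for attachment_ics_exessive_custom_properties.yml and attachment_ics_with_invisible_unicode_characters.yml, and to attachment_ics_file_non_rfc_compliant.yml, which carries the `"Attack surface reduction"` tag. The `attack_types` lists begin outside these hunks, so phishing types may also be present. If the tag is meant to record the delivery vector, a one-line comment where it is introduced would prevent an analyst from triaging a malware hit as credential phishing, for example `# ICS Phishing = lure delivered via an iCalendar (.ics) invite, whatever the payload`.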
diff --git a/detection-rules/attachment_ics_employee_policy.yml b/detection-rules/attachment_ics_employee_policy.yml
index cd5c17b6a51..b60003be46c 100644
--- a/detection-rules/attachment_ics_employee_policy.yml
+++ b/detection-rules/attachment_ics_employee_policy.yml
@@ -24,6 +24,7 @@ attack_types:
- "BEC/Fraud"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
- "Social engineering"
detection_methods:
- "File analysis"
diff --git a/detection-rules/attachment_ics_exessive_custom_properties.yml b/detection-rules/attachment_ics_exessive_custom_properties.yml
index f0ea9570c1f..eea41c7201d 100644
--- a/detection-rules/attachment_ics_exessive_custom_properties.yml
+++ b/detection-rules/attachment_ics_exessive_custom_properties.yml
@@ -17,6 +17,7 @@ attack_types:
- "Malware/Ransomware"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
- "Content analysis"
diff --git a/detection-rules/attachment_ics_file_non_rfc_compliant.yml b/detection-rules/attachment_ics_file_non_rfc_compliant.yml
index c1147bdf391..99c6d94692d 100644
--- a/detection-rules/attachment_ics_file_non_rfc_compliant.yml
+++ b/detection-rules/attachment_ics_file_non_rfc_compliant.yml
@@ -32,6 +32,7 @@ tags:
- "Attack surface reduction"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
- "Social engineering"
detection_methods:
- "Archive analysis"
diff --git a/detection-rules/attachment_ics_google_redirect_invoice.yml b/detection-rules/attachment_ics_google_redirect_invoice.yml
index bc649cf8c6d..de22ac7401c 100644
--- a/detection-rules/attachment_ics_google_redirect_invoice.yml
+++ b/detection-rules/attachment_ics_google_redirect_invoice.yml
@@ -21,6 +21,7 @@ attack_types:
- "Credential Phishing"
- "BEC/Fraud"
tactics_and_techniques:
+ - "ICS Phishing"
- "Open redirect"
- "Social engineering"
detection_methods:
diff --git a/detection-rules/attachment_ics_meeting_invite.yml b/detection-rules/attachment_ics_meeting_invite.yml
index 1bc056ab600..b789e6572fc 100644
--- a/detection-rules/attachment_ics_meeting_invite.yml
+++ b/detection-rules/attachment_ics_meeting_invite.yml
@@ -15,6 +15,7 @@ attack_types:
- "BEC/Fraud"
- "Credential Phishing"
tactics_and_techniques:
+ - "ICS Phishing"
- "Social engineering"
detection_methods:
- "File analysis"
diff --git a/detection-rules/attachment_ics_non-gregorian.yml b/detection-rules/attachment_ics_non-gregorian.yml
index 21b3b7e6acd..ba279bdfae3 100644
--- a/detection-rules/attachment_ics_non-gregorian.yml
+++ b/detection-rules/attachment_ics_non-gregorian.yml
@@ -15,6 +15,7 @@ attack_types:
- "Credential Phishing"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
- "Content analysis"
diff --git a/detection-rules/attachment_ics_open_redirect.yml b/detection-rules/attachment_ics_open_redirect.yml
index 43ddc10c631..c20b8357d14 100644
--- a/detection-rules/attachment_ics_open_redirect.yml
+++ b/detection-rules/attachment_ics_open_redirect.yml
@@ -58,6 +58,7 @@ tactics_and_techniques:
- "Free email provider"
- "Free file host"
- "Free subdomain host"
+ - "ICS Phishing"
- "Open redirect"
detection_methods:
- "Content analysis"
diff --git a/detection-rules/attachment_ics_organizer_new_domain.yml b/detection-rules/attachment_ics_organizer_new_domain.yml
index 266d5b09c8e..fb92d10cad6 100644
--- a/detection-rules/attachment_ics_organizer_new_domain.yml
+++ b/detection-rules/attachment_ics_organizer_new_domain.yml
@@ -23,6 +23,7 @@ attack_types:
- "Callback Phishing"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
- "Social engineering"
detection_methods:
- "File analysis"
diff --git a/detection-rules/attachment_ics_spoofed_with_attachment.yml b/detection-rules/attachment_ics_spoofed_with_attachment.yml
index acd6a026583..d797cbbeb12 100644
--- a/detection-rules/attachment_ics_spoofed_with_attachment.yml
+++ b/detection-rules/attachment_ics_spoofed_with_attachment.yml
@@ -56,6 +56,7 @@ attack_types:
tactics_and_techniques:
- "Spoofing"
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
- "Header analysis"
diff --git a/detection-rules/attachment_ics_svg_js.yml b/detection-rules/attachment_ics_svg_js.yml
index 5421e8b8253..6c39dd7fd11 100644
--- a/detection-rules/attachment_ics_svg_js.yml
+++ b/detection-rules/attachment_ics_svg_js.yml
@@ -35,6 +35,7 @@ attack_types:
tactics_and_techniques:
- "Scripting"
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
- "Javascript analysis"
diff --git a/detection-rules/attachment_ics_with_invisible_unicode_characters.yml b/detection-rules/attachment_ics_with_invisible_unicode_characters.yml
index 931d0261bde..47caca8cc6f 100644
--- a/detection-rules/attachment_ics_with_invisible_unicode_characters.yml
+++ b/detection-rules/attachment_ics_with_invisible_unicode_characters.yml
@@ -27,6 +27,7 @@ attack_types:
- "Malware/Ransomware"
tactics_and_techniques:
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
- "Content analysis"
diff --git a/detection-rules/callback_phishing_calendar_invite.yml b/detection-rules/callback_phishing_calendar_invite.yml
index 51d2f4f276e..5bbd26b9698 100644
--- a/detection-rules/callback_phishing_calendar_invite.yml
+++ b/detection-rules/callback_phishing_calendar_invite.yml
@@ -36,6 +36,7 @@ attack_types:
tactics_and_techniques:
- "Social engineering"
- "Evasion"
+ - "ICS Phishing"
detection_methods:
- "File analysis"
- "Header analysis"
diff --git a/detection-rules/link_gcal_invite_open_redirect.yml b/detection-rules/link_gcal_invite_open_redirect.yml
index 77e9e5769d0..0e9f7f543c4 100644
--- a/detection-rules/link_gcal_invite_open_redirect.yml
+++ b/detection-rules/link_gcal_invite_open_redirect.yml
@@ -43,6 +43,7 @@ attack_types:
tactics_and_techniques:
- "Free email provider"
- "Free file host"
+ - "ICS Phishing"
- "Open redirect"
- "Social engineering"
detection_methods:
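Review bot: Judging by the file name, this rule keys on a Google Calendar invite link rather than an attached .ics file, and the hunk for service_abuse_google_calendar_notification.yml looks like the same case. The rule sources are outside the diff, so this is inferred. If `"ICS Phishing"` is used to count or filter rules that inspect iCalendar attachments, these two entries will overstate that coverage. Either confirm the tag is meant to cover calendar-service lures in general, or state the scope where the tag is defined, e.g. `# ICS Phishing: calendar-invite lures, attached .ics or calendar-service notification`.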
diff --git a/detection-rules/service_abuse_google_calendar_notification.yml b/detection-rules/service_abuse_google_calendar_notification.yml
index 54f5c161fb6..e98e14b0f12 100644
--- a/detection-rules/service_abuse_google_calendar_notification.yml
+++ b/detection-rules/service_abuse_google_calendar_notification.yml
@@ -12,6 +12,7 @@ source: |
attack_types:
- "Callback Phishing"
tactics_and_techniques:
+ - "ICS Phishing"
- "Out of band pivot"
- "Social engineering"
detection_methods: