Phishing Command Examples Using a Machine Learning Model

Examples of using the machine learning (ml) DbotPredictPhishingWords command after creating a machine learning model in Cortex XSOAR. war room
In this example, we have created a machine learning model, called “demoModel” that predicts the following:
For an example how to create the machine learning model, see Machine Learning Model Example.
After running the command, Cortex XSOAR returns the following information:
  • TextTokensHighlighted
    : The text of the email message with the highlighted positive words (if found).
  • Label
    : The predicted label found by the model.
  • Probability
    : The prediction probability.
  • PositiveWords
    : Words that encouraged the model to make the prediction.
  • NegativeWords
    : Words that are in general not correlated with the predicted class and reduced the model’s confidence in its prediction.
In the War Room, run the following commands:
!DBotPredictPhishingWords modelName="demoModel" emailBody=”Your email account was LOGIN today by Unknown IP address: 10.240.180.228, click on UPDATE <http://helpd.moonfruit.com/> to validate and verify your email account now to avoid Outlook Web App been disabled for user”
!DBotPredictPhishingWords modelName="demoModel" emailBody=“Your Outlook Exceeded its storage limit Click here <https://docs.google.com/forms/d/e/1FAIpQLSckF75SUgErVFmTEfHhhFkiX2-4V2tgC0nssDvpkqZnPz4pkQ/viewform> fill and SUBMIT for more space or you wont be able to send Mail.”
!DBotPredictPhishingWords modelName="demoModel" emailBody=“Dear member, the credit card we have on file for your PayPal service was declined when we attempted to bill you for your most recent service fees. For this reason, your service could be suspended. You must update your billing information immediately in order to avoid any interruption to your services”
DBotPredictPhishingWords modelName="demoModel" emailBody=“lose 22.5lbs in 3 weeks! flush fat away forever! free 30-day supply **http://www.adclick.ws/p.cfm?o=423&s=pk19.** to unsubscribe, click below: http://u2.azoogle.com/?z=93-1090346-62llc4”

Recommended For You