sublimemediumRule

Shopify infrastructure abuse

Attackers have been observed using myshopify.com links to bypass domain reputation checks.

MITRE ATT&CK

T1566 T1566.001 T1566.002 T1598 T1036 T1027 T1598.003

defense-evasioninitial-access

Detection Query

false

Data Sources

Email MessagesEmail HeadersEmail Attachments

Platforms

Raw Content

name: "Shopify infrastructure abuse"
description: "Attackers have been observed using myshopify.com links to bypass domain reputation checks."
type: "rule"
severity: "medium"
source: |
  false

attack_types:
  - "Credential Phishing"
  - "Spam"
tactics_and_techniques:
  - "Evasion"
  - "Free subdomain host"
  - "Impersonation: Brand"
  - "Social engineering"
detection_methods:
  - "Content analysis"
  - "Header analysis"
  - "URL analysis"
id: "844ff164-d2cb-5e7f-9f51-b2d71078e819"