← Back to Explore
sublimemediumRule
Targeting: Specific AOL address
Message targeting a specific AOL address (me@aol.com) with a single recipient.
Detection Query
type.inbound
and length(recipients.to) == 1
and recipients.to[0].email.email == "me@aol.com"
Data Sources
Email MessagesEmail HeadersEmail Attachments
Platforms
email
Raw Content
name: "Targeting: Specific AOL address"
description: "Message targeting a specific AOL address (me@aol.com) with a single recipient."
type: "rule"
severity: "medium"
source: |
type.inbound
and length(recipients.to) == 1
and recipients.to[0].email.email == "me@aol.com"
attack_types:
- "Spam"
tactics_and_techniques:
- "Social engineering"
detection_methods:
- "Header analysis"
id: "c10dfad4-a040-5969-8659-e9c62ade0dc7"