← Back to Explore
sublimehighRule
Observed IOC: Malicious sender root domains
Detects inbound messages sent from known malicious sender root domains. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed.
Detection Query
// AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
// Managed by automated IOC system
type.inbound
and hash.sha256(sender.email.domain.root_domain) in (
'67108effe3f74404f4b4a52a7dc91aeb228613c751a8750d48f3bb44dae9d65c', // Observed malicious sender domain
'cb9a978a274a3517107b67deeaac47987110feb4d398097339965a064ecbfa7a' // Reported from a customer
)
Data Sources
Email MessagesEmail HeadersEmail Attachments
Platforms
email
Raw Content
name: "Observed IOC: Malicious sender root domains"
description: "Detects inbound messages sent from known malicious sender root domains. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed."
type: "rule"
severity: "high"
source: |
// AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
// Managed by automated IOC system
type.inbound
and hash.sha256(sender.email.domain.root_domain) in (
'67108effe3f74404f4b4a52a7dc91aeb228613c751a8750d48f3bb44dae9d65c', // Observed malicious sender domain
'cb9a978a274a3517107b67deeaac47987110feb4d398097339965a064ecbfa7a' // Reported from a customer
)
attack_types:
- "BEC/Fraud"
- "Credential Phishing"
- "Malware/Ransomware"
tactics_and_techniques:
- "Impersonation: Domain"
- "Social engineering"
detection_methods:
- "Sender analysis"
- "Header analysis"
id: "d3e4f5a6-b7c8-4d0e-bf2a-b3c4d5e6f7a8"