Sublime rule, severity: high
Observed IOC: Malicious reply-to root domains
Detects inbound messages with reply-to headers containing known malicious root domains. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed.
Detection Query
// AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
// Managed by automated IOC system
false // no active IOCs - rule is temporarily disabled
Data Sources
Email Messages, Email Headers, Email Attachments
Platforms
email
Raw Content
name: "Observed IOC: Malicious reply-to root domains"
description: "Detects inbound messages with reply-to headers containing known malicious root domains. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed."
type: "rule"
severity: "high"
source: |
  // AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
  // Managed by automated IOC system
  false // no active IOCs - rule is temporarily disabled
attack_types:
- "BEC/Fraud"
- "Credential Phishing"
- "Malware/Ransomware"
tactics_and_techniques:
- "Impersonation: Domain"
- "Social engineering"
detection_methods:
- "Header analysis"
- "Sender analysis"
id: "f1a2b3c4-d5e6-4f7a-ab8c-d9e0f1a2b3c4"