sublimehighRule

Observed IOC: Malicious root domains in body links

Detects inbound messages containing links to known malicious root domains in the message body. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed.

MITRE ATT&CK

T1566 T1566.001 T1566.002 T1598 T1204.002 T1486 T1036 T1027

defense-evasioninitial-access

Detection Query

// AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
// Managed by automated IOC system
false // no active IOCs - rule is temporarily disabled

Data Sources

Email MessagesEmail HeadersEmail Attachments

Platforms

Raw Content

name: "Observed IOC: Malicious root domains in body links"
description: "Detects inbound messages containing links to known malicious root domains in the message body. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed."
type: "rule"
severity: "high"
source: |
  // AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
  // Managed by automated IOC system
  false // no active IOCs - rule is temporarily disabled

attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "URL analysis"
  - "Content analysis"
id: "f5a6b7c8-d9e0-4f2a-9b4c-d5e6f7a8b9c0"