EXPLORE

EXPLORE DETECTIONS

🔍
1,155 detections found

Brand impersonation: Marriott with gift language

Detects messages impersonating Marriott brand that contain gift-related language such as 'appreciation gift', 'thank you gift', or 'something special' from senders not associated with legitimate Marriott domains.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: McAfee

Detects messages impersonating McAfee through display name, subject line, body content, or NLU entity detection when the sender is not from verified McAfee domains or other high-trust domains with valid DMARC authentication.

T1566T1566.001T1566.002T1598T1534+3
Sublimemedium

Brand impersonation: Meta and subsidiaries

Impersonation of Meta or Meta's subsidiaries Facebook and Instagram.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: MetaMask

Detects inbound messages containing links where the sender impersonates MetaMask through display name manipulation and includes the MetaMask logo or suspicious language, while not being from legitimate MetaMask domains. The rule checks for credential theft patterns and validates sender authentication.

T1566.002T1534T1656T1566T1566.001+2
Sublimehigh

Brand impersonation: Microsoft

Impersonation of the Microsoft brand.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft (QR code)

Detects messages using Microsoft image based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft fake sign-in alert

Detects messages impersonating Microsoft that mimic sign-in security alerts and attempt to solicit a response.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Microsoft logo in HTML with fake quarantine release notification

A message containing a Microsoft logo generated using HTML tables and references to the Microsoft Exchange quarantine, but did not come from Microsoft.

T1566T1566.001T1566.002T1598T1036+2
Sublimehigh

Brand impersonation: Microsoft logo or suspicious language with open redirect

Message contains a Microsoft logo or suspicious terms and use of an open redirect. This has been exploited in the wild to impersonate Microsoft.

T1566.002T1534T1656T1598.003T1566+1
Sublimehigh

Brand impersonation: Microsoft Planner with suspicious link

Impersonation of Microsoft Planner, a component of the Microsoft 365 software suite.

T1566T1566.001T1566.002T1598T1036+2
Sublimemedium

Brand impersonation: Microsoft quarantine release notification in body

Message containing suspicious quarantine release language in the body, and a Microsoft logo attachment but did not come from Microsoft.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft quarantine release notification in image attachment

Message with an image attachment containing credential theft language and references to the Microsoft Exchange quarantine, but did not come from Microsoft.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft Teams

Impersonation of a Microsoft Teams message.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft Teams invitation

Detects messages impersonating a Microsoft Teams invites by matching known invite text patterns while containing join links that do not resolve to Microsoft domains. Additional verification includes checking for absent phone dial-in options and missing standard Teams help text or HTML meeting components.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft with embedded logo and credential theft language

This rule detects messages impersonating Microsoft via a logo and contains credential theft language. From a new and unsolicited sender.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: Microsoft with low reputation links

Detects low reputation links with Microsoft specific indicators in the body.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Morgan Stanley

Detects messages impersonating Morgan Stanley that contain indicators of credential theft or callback scams, including references to secure email systems, client service centers, financial advisors, and registration processes. The rule identifies spoofed communications by checking for Morgan Stanley branding elements while excluding legitimate domains.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Navan

Impersonation of the expense management provider Navan.

T1566T1566.001T1566.002T1598T1598.003
Sublimemedium

Brand impersonation: Netflix

Impersonation of Netflix.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimelow

Brand impersonation: Norton

Scans files to detect Norton (Lifelock|360|Security) impersonation.

T1566T1566.001T1566.002T1598T1598.003
Sublimelow

Brand impersonation: Office 365 mail service

Detects messages from domains containing both 'o365' and 'mail' in the second-level domain, commonly used to impersonate legitimate Microsoft Office 365 mail services.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand impersonation: Okta

Impersonation of Okta, an identity and access management company.

T1566T1566.001T1566.002T1598T1598.003+1
Sublimemedium

Brand Impersonation: OpenAI with ChatGPT Ads lure

Detects messages impersonating OpenAI or ChatGPT, that contain specific references to ChatGPT Ads. Observed harvesting advertisting account credentials.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh

Brand impersonation: OpenAI with payment issues

Detects messages impersonating OpenAI or ChatGPT with payment-related content such as subscription cancellation, payment failures, or billing updates from non-OpenAI domains.

T1566T1566.001T1566.002T1598T1598.003
Sublimehigh
PreviousPage 16 of 49Next