Body: Suspicious date format

Detects messages containing strange date formats observed in phishing emails.

Sublime rule

name: "Body: Suspicious date format"
description: "Detects messages containing strange date formats observed in phishing emails."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and regex.icontains(body.current_thread.text,
                      'Date:\s(?:Sunday|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday)\s(?:January|February|March|April|May|June|July|August|September|October|November|December)\s202(?:5|6|7|8|9)'
  )
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Evasion"
  - "Spoofing"
  - "Social engineering"
detection_methods:
  - "Content analysis"
id: "36344c62-7437-5737-8f57-e509648fa2ae"
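
The rule's pattern run against constructed sample lines, as an added example that is not part of the Sublime rule. It uses Python's `re` with `re.IGNORECASE` as a stand-in for `regex.icontains` (an assumption about equivalent matching); the sample strings and the helper names `matches` and `classify` are invented for illustration.

```python
import re

# Pattern copied from the rule's regex.icontains() call.
PATTERN = re.compile(
    r'Date:\s(?:Sunday|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday)'
    r'\s(?:January|February|March|April|May|June|July|August|September'
    r'|October|November|December)\s202(?:5|6|7|8|9)',
    re.IGNORECASE,  # assumption: stands in for the case-insensitive icontains
)

# Constructed sample body lines, not taken from real messages.
SAMPLES = {
    "weekday_month_year": "Date: Monday March 2025",
    "lowercase": "date: friday december 2026",
    "rfc_style": "Date: Mon, 3 Mar 2025 10:15:00 +0000",
    "long_form": "Date: Monday, March 3, 2025",
    "double_space": "Date:  Monday March 2025",
    "older_year": "Date: Monday March 2024",
    "line_wrapped": "Date: Monday\nMarch 2027",
}


def matches(text: str) -> bool:
    """True when the rule's pattern occurs anywhere in the text."""
    return PATTERN.search(text) is not None


def classify(samples: dict) -> dict:
    """Map each sample name to whether the pattern fires on it."""
    return {name: matches(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, hit in classify(SAMPLES).items():
        print(f"{name:20} {'MATCH' if hit else 'no match'}")
```

The pattern requires exactly one whitespace character between tokens and covers only the years 2025 through 2029, so a weekday followed by a comma, a doubled space, or an earlier year does not match, while a line break between weekday and month still does.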