Brand Impersonation: Exodus

Attack impersonating Exodus Wallet.

Sublime rule

name: "Brand Impersonation: Exodus"
description: |
    Attack impersonating Exodus Wallet.
references:
  - "https://exodus.com"
type: "rule"
severity: "low"
source: |
  type.inbound
  and strings.ilike(sender.display_name, "*exodus*")
  and sender.email.domain.root_domain not in ("exodus.com", "exodus.io", "exodusescaperoom.com")
  and sender.email.email not in $recipient_emails
tags:
  - "Brand impersonation"
  - "Cryptocurrency"
