Brand impersonation: Ripple

calendar Oct 4, 2023 · Cryptocurrency  ·
Share on: linkedin copy

Attack impersonating Ripple cryptocurrency, potentially in the form of a giveaway scam.

Sublime rule (View on GitHub)

 1name: "Brand impersonation: Ripple"
 2description: |
 3    Attack impersonating Ripple cryptocurrency, potentially in the form of a giveaway scam.
 4references:
 5  - "https://ripple.com/insights/how-to-spot-xrp-giveaway-scams/"
 6  - "https://support.gatehub.net/hc/en-us/articles/360014496899-Phishing-email-spoofs-Ripple"
 7type: "rule"
 8severity: "low"
 9source: |
10  type.inbound
11  and regex.imatch(sender.display_name, '\bripple\b')
12  and sender.email.domain.root_domain not in ("ripple.com", "ripplejobs.co.uk")
13  and (
14    not profile.by_sender().solicited
15    or (
16      profile.by_sender().any_messages_malicious_or_spam
17      and not profile.by_sender().any_false_positives
18    )
19  )  
20tags:
21  - "Cryptocurrency"
22attack_types:
23  - "Credential Phishing"
24tactics_and_techniques:
25  - "Impersonation: Brand"
26  - "Social engineering"
27detection_methods:
28  - "Sender analysis"
29id: "68b39736-70e0-5bf7-8a0a-3e2206552251"

Related rules

to-top