Brand impersonation: Silicon Valley Bank
Detects emails that impersonate Silicon Valley Bank
Sublime rule
name: "Brand impersonation: Silicon Valley Bank"
description: "Detects emails that impersonate Silicon Valley Bank"
type: "rule"
severity: "medium"
source: |
  type.inbound
  and (
    // sender domain contains a Silicon Valley Bank lookalike string or "svb"
    regex.icontains(sender.email.domain.domain, "(silicon(e)?.{0,10}(valley|bank)|svb)")
    // or the display name is within one edit of "svb"
    or strings.ilevenshtein(sender.display_name, 'svb') <= 1
  )
  // and the sender domain was registered within the last 30 days
  and network.whois(sender.email.domain).days_old <= 30
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Impersonation: Brand"
  - "Lookalike domain"
  - "Social engineering"
detection_methods:
  - "Sender analysis"
  - "Whois"
id: "a01f61d9-a01a-548c-9a48-49f8d3732d05"
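
The rule's three conditions re-expressed in Python and run over constructed sender records, as an added example that is not part of Sublime's rule or tooling. The record fields (`direction`, `display_name`, `sender_domain`, `domain_days_old`) are assumed names, and domain age is supplied directly instead of coming from a WHOIS lookup.

```python
import re

# Same pattern as the rule's regex.icontains() call; IGNORECASE mirrors the "i" prefix.
BRAND_RE = re.compile(r"(silicon(e)?.{0,10}(valley|bank)|svb)", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance where insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def rule_matches(msg: dict) -> bool:
    """Evaluate the rule's conditions against one message record (assumed schema)."""
    if msg["direction"] != "inbound":
        return False
    brand_in_domain = bool(BRAND_RE.search(msg["sender_domain"]))
    # Lowercasing stands in for the case-insensitive strings.ilevenshtein().
    name_close = levenshtein(msg["display_name"].lower(), "svb") <= 1
    # Assumption: age is pre-resolved; the rule reads it from network.whois().
    return (brand_in_domain or name_close) and msg["domain_days_old"] <= 30


# Constructed records (not real traffic); domains use the reserved .example TLD.
SAMPLES = [
    {"direction": "inbound", "display_name": "Silicon Valley Bank",
     "sender_domain": "siliconvalley-bank-alerts.example", "domain_days_old": 4},
    {"direction": "inbound", "display_name": "SVB",
     "sender_domain": "mail-notify.example", "domain_days_old": 12},
    # Benign two-letter display name: one edit from "svb", so the rule fires.
    {"direction": "inbound", "display_name": "SB",
     "sender_domain": "newsletter.example", "domain_days_old": 9},
    # Long-registered domain containing "svb": fails the 30-day age condition.
    {"direction": "inbound", "display_name": "SVB Client Services",
     "sender_domain": "svb-portal.example", "domain_days_old": 2000},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(f'{m["display_name"]!r:24} {m["sender_domain"]:36} -> {rule_matches(m)}')
```

The third record shows why the `<= 1` distance on a three-character brand string needs review when tuning: any display name one edit away from "svb" satisfies it once the sender domain is under 30 days old.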