Brand impersonation: Stellar Development Foundation (SDF)
Attack impersonating Stellar Development Foundation (SDF).
Sublime rule
name: "Brand impersonation: Stellar Development Foundation (SDF)"
description: |
  Attack impersonating Stellar Development Foundation (SDF).
references:
  - "https://www.stellar.org"
  - "https://cyberint.com/blog/research/phishing-for-lumens-a-stellar-stealing-campaign/"
type: "rule"
severity: "low"
source: |
  type.inbound
  and regex.imatch(sender.display_name, '\bstellar\b')
  and sender.email.domain.root_domain != "stellar.org"
  and (
    not profile.by_sender().solicited
    or (
      profile.by_sender().any_messages_malicious_or_spam
      and not profile.by_sender().any_false_positives
    )
  )
tags:
  - "Cryptocurrency"
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Impersonation: Brand"
  - "Social engineering"
detection_methods:
  - "Sender analysis"
id: "2af9ab94-77b2-5bf9-89f5-5206ee214d57"
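To see which senders the `source` block accepts and rejects, here is an added Python emulation of the rule run over constructed sample messages; it is not Sublime's own code or engine. It assumes a last-two-labels approximation of `root_domain` and a case-insensitive word-boundary search in place of MQL's `regex.imatch`; the `Message` and `SenderProfile` types are hypothetical stand-ins for the fields the rule reads.

```python
import re
from dataclasses import dataclass

BRAND_PATTERN = re.compile(r"\bstellar\b", re.IGNORECASE)
LEGIT_ROOT_DOMAIN = "stellar.org"
@dataclass
class SenderProfile:  # stands in for profile.by_sender()
    solicited: bool
    any_messages_malicious_or_spam: bool
    any_false_positives: bool

@dataclass
class Message:  # only the fields the rule reads
    inbound: bool
    display_name: str
    sender_domain: str
    profile: SenderProfile

def root_domain(domain: str) -> str:
    # Approximates sender.email.domain.root_domain with the last two labels (assumption: no public-suffix list).
    return ".".join(domain.lower().split(".")[-2:])

def matches_rule(msg: Message) -> bool:
    """Evaluate the rule's `source` block against one message."""
    if not msg.inbound:
        return False
    # regex.imatch(display_name, '\bstellar\b') approximated as a case-insensitive word-boundary search (assumption).
    if not BRAND_PATTERN.search(msg.display_name):
        return False
    if root_domain(msg.sender_domain) == LEGIT_ROOT_DOMAIN:
        return False  # genuine stellar.org mail, subdomains included, is exempt
    p = msg.profile
    # Unsolicited sender, or a solicited one whose malicious/spam history was never overturned as a false positive.
    return not p.solicited or (p.any_messages_malicious_or_spam and not p.any_false_positives)

# Constructed samples (not real senders) exercising each branch of the rule.
UNSOLICITED = SenderProfile(False, False, False)
SOLICITED_CLEAN = SenderProfile(True, False, False)
SOLICITED_BAD = SenderProfile(True, True, False)
SAMPLES = {
    "lookalike_sender": Message(True, "Stellar Development Foundation", "stellar-support.example", UNSOLICITED),
    "genuine_subdomain": Message(True, "Stellar", "mail.stellar.org", UNSOLICITED),
    "solicited_clean": Message(True, "Stellar Team", "news.example", SOLICITED_CLEAN),
    "solicited_flagged": Message(True, "SDF Stellar", "news.example", SOLICITED_BAD),
    "no_word_boundary": Message(True, "Interstellar Media", "media.example", UNSOLICITED),
}

def evaluate_samples() -> dict:
    return {name: matches_rule(m) for name, m in SAMPLES.items()}
```

The `no_word_boundary` sample shows why the pattern uses `\b`: "Interstellar" does not trigger the rule, while any standalone "Stellar" in the display name from a non-stellar.org domain does.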