Brand impersonation: Stellar Development Foundation (SDF)

Attack impersonating Stellar Development Foundation (SDF).

Sublime rule

name: "Brand impersonation: Stellar Development Foundation (SDF)"
description: |
    Attack impersonating Stellar Development Foundation (SDF).
references:
  - "https://www.stellar.org"
  - "https://cyberint.com/blog/research/phishing-for-lumens-a-stellar-stealing-campaign/"
type: "rule"
severity: "low"
source: |
  type.inbound
  and regex.imatch(sender.display_name, '\bstellar\b')
  and sender.email.domain.root_domain != "stellar.org"
  and (
      (
          sender.email.domain.root_domain in $free_email_providers
          and sender.email.email not in $recipient_emails
      )
      or (
          sender.email.domain.root_domain not in $free_email_providers
          and sender.email.domain.domain not in $recipient_domains
      )
  )
tags:
  - "Brand impersonation"
  - "Cryptocurrency"
