sublime-rules icon indicating copy to clipboard operation
sublime-rules copied to clipboard

Published 20 hours ago verified publisher icon sublime-security

Create brand_impersonation_stripe_notification.yml

Open aidenmitchell opened this issue 1 year ago • 1 comments

Description

Campaigns have been observed sending templated Stripe notification emails with the call-to-action button link replaced, clicking through to a malicious credential phishing page.

Associated samples

  • https://platform.sublimesecurity.com/messages/efe0061f0fa1ae7bf6e7db7e3b1919d5b72a7fc9f82d8c068923763f53dec77c
  • https://platform.sublimesecurity.com/messages/bedd0308cb99cab276f8cd7066331e9004a075ccbc8c7be071a6d64184431cf2

Associated hunts

  • https://platform.sublimesecurity.com/hunts/cde1c9aa-398d-4402-979e-a9f14b2a88a4

aidenmitchell avatar Aug 01 '24 18:08 aidenmitchell

/update-test-rules

aidenmitchell avatar Aug 01 '24 18:08 aidenmitchell

Hasn't fired at all as far as I can tell, seems safe.

aidenmitchell avatar Aug 09 '24 17:08 aidenmitchell