
Create godaddy_invoice_abuse.yml

Open peterdj45 opened this issue 2 months ago • 1 comments

Description

Detects legitimate GoDaddy Payments invoices that contain suspicious indicators. Observed being abused for extortion campaigns.

Associated samples

  • https://platform.sublime.security/messages/4f7923cc4ffb35e7f6077531da488a938f89f607a7faad23efe08f5f67d05197

Associated hunts

  • https://platform.sublime.security/messages/hunt?huntId=01997045-4c0b-7a95-b53d-1ea3db7e533c

peterdj45, Sep 22 '25 07:09

fairly low volume of these (only seen one sample come through so far). will let this bake in test-rules to evaluate effectiveness.

peterdj45, Sep 22 '25 07:09

haven't had another sample come through in over two months. gonna close this out for now

peterdj45, Nov 20 '25 09:11