
Add detection rule for Carta brand impersonation

Open • peterdj45 opened this issue 3 weeks ago • 0 comments

Description

Detects messages impersonating Carta, a cap table management platform, by analyzing sender display names, subject lines containing equity-related terms, and body content for Carta-specific language. Excludes legitimate Carta domains with valid DMARC authentication and benign newsletters.

Associated samples

  • https://platform.sublime.security/messages/4fad4fa768af66cbcb75327aeb3732f7542bef85f1e85c1814bc51ed97f392cf?preview_id=019a5870-25a1-7a24-bf16-d86ee68a8e72
  • https://platform.sublime.security/messages/4fad3dfd1d50e9e22c4780107fccd2cfe981570b9162acddccb0bbc4e88e6250?preview_id=019a55b2-6e98-7508-b746-763fdef8aa7f
  • https://platform.sublime.security/messages/4f9a855f82d0e008d3037f6e3513ebefa21dc13d246fc77c5b2cc9de352d68f6?preview_id=019a282f-f39f-7377-bff4-9cb3882e6540

Associated hunts

  • https://platform.sublime.security/messages/hunt?huntId=019a5b8c-39b4-7e38-8a99-c9d84c9bac83

peterdj45, Nov 06 '25 23:11
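
A sketch of the logic the description outlines, added here as an example; it is not the rule from this issue and not Sublime's MQL. The term lists, the `carta.com` allowlist entry, the `newsletter` flag and the way the signals are combined are assumptions, and the sample messages are constructed.

```python
import re
from dataclasses import dataclass

# Assumed values; the issue does not list the rule's actual terms or domains.
LEGIT_ROOT_DOMAINS = {"carta.com"}
BRAND = re.compile(r"\bcarta\b", re.I)
EQUITY_TERMS = re.compile(
    r"\b(equity|stock options?|option grant|shares|vesting|cap table|409a)\b", re.I)
BODY_LANGUAGE = re.compile(
    r"\b(carta|cap table|accept your (grant|certificate|securities))\b", re.I)

@dataclass
class Message:
    display_name: str
    sender_email: str
    subject: str
    body: str
    dmarc_pass: bool
    newsletter: bool = False  # hypothetical verdict from an upstream classifier

def root_domain(email: str) -> str:
    # Naive last-two-labels split; production code should use a public-suffix list.
    host = email.rsplit("@", 1)[-1].lower()
    return ".".join(host.split(".")[-2:])

def is_carta_impersonation(msg: Message) -> bool:
    # Exclusion: a legitimate Carta domain counts only when DMARC also passes,
    # so a spoofed From: on that domain is still evaluated.
    if root_domain(msg.sender_email) in LEGIT_ROOT_DOMAINS and msg.dmarc_pass:
        return False
    if msg.newsletter:
        return False
    # Assumed combination: brand in display name plus equity/Carta content.
    return bool(BRAND.search(msg.display_name)) and bool(
        EQUITY_TERMS.search(msg.subject) or BODY_LANGUAGE.search(msg.body))

SAMPLES = [  # constructed messages
    Message("Carta", "notify@carta-equity.example",
            "Your stock option grant is ready", "Sign in to accept your grant.", True),
    Message("Carta", "no-reply@carta.com",
            "Your option grant is ready", "View it in Carta.", True),
    Message("Carta Support", "no-reply@carta.com",
            "Vesting schedule updated", "Review your cap table.", False),
    Message("Carta Digest", "news@founder-weekly.example",
            "Equity trends this month", "Carta raised a round.", True, newsletter=True),
    Message("Marta Carter", "marta@partner.example", "Team lunch", "See you at noon.", True),
]

def verdicts() -> list:
    return [is_carta_impersonation(m) for m in SAMPLES]
```

The third sample shows why the domain exclusion is tied to DMARC: a message claiming `carta.com` that fails authentication is still flagged.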