Create link_crypto_fraud.yml

Open aidenmitchell opened this issue 3 weeks ago • 0 comments

Description

Detects messages containing financial communications about cryptocurrency or bitcoin with links to suspicious domains, URL shorteners, newly registered domains, or domains with known cryptocurrency fraud indicators. The rule analyzes link behavior including redirects, specific abuse patterns, and JavaScript configurations commonly used in cryptocurrency scams. Excludes legitimate cryptocurrency platforms with proper authentication.

Associated samples

  • https://platform.sublime.security/messages/4fae16d271d3344d7d78c7d156a9a4c7dca781c4ed466af4a4cb6e1f6b23c2ce?preview_id=019a5b7f-08db-777c-b47f-e1056ad5c60a

aidenmitchell, Nov 07 '25 23:11